![\"\"](\"\/\/www.iser-br.com\/Themes\/Release\/images\/responsive\/ettelecom-default.jpg\")
The US District Court for the Eastern District of Virginia on Tuesday unsealed documents detailing Microsoft's work to disrupt cybercriminals that were taking advantage of the COVID-19<\/a> pandemic in an attempt to defraud its users.
Microsoft's Digital Crimes Unit (DCU) first observed these criminals in December 2019, when they deployed a sophisticated, new phishing scheme designed to compromise customer accounts.
Microsoft later observed renewed attempts by the same criminals, this time using COVID-19-related lures in the phishing emails to target victims.
\"This malicious activity is yet another form of business email compromise (BEC) attack, which has increased in complexity, sophistication and frequency in recent years,\" Tom Burt, Corporate Vice President, Customer Security & Trust, said in a statement.
According to the FBI's 2019 Internet<\/a> Crime Report, the most-costly complaints received by their Internet Crime Complaint Center (IC3) involved BEC crimes, with losses of over $1.7 billion, representing nearly half of all financial losses due to cybercrime<\/a>.
The phishing emails instead contained messages regarding COVID-19 as a means to exploit pandemic-related financial concerns and induce targeted victims to click on malicious links.
Once victims clicked on the deceptive links, they were ultimately prompted to grant access permissions to a malicious web application<\/a> (web app).
Web apps are familiar-looking as they are widely used in organizations to drive productivity, create efficiencies and increase security in a distributed network.
Unknown to the victim, these malicious web apps were controlled by the criminals, who, with fraudulently obtained permission, could access the victim's Microsoft Office 365 account, said Microsoft.
This scheme enabled unauthorized access without explicitly requiring the victims to directly give up their login credentials at a fake website or similar interface, as they would in a more traditional phishing campaign.
After clicking through the consent prompt for the malicious web app, the victim unwittingly granted criminals permission to access and control the victims' Office 365 account contents, including email, contacts, notes and material stored in the victims' OneDrive<\/a> for Business cloud storage space and corporate SharePoint document management and storage system.
The company said that this unique civil case against COVID-19-themed BEC attacks \"has allowed us to proactively disable key domains that are part of the criminals' malicious infrastructure, which is a critical step in protecting our customers\".
While the lures may have changed, the underlying threats remain, evolve and grow, and it's more important than ever to remain vigilant against cyber attacks, the company added.<\/body>","next_sibling":[{"msid":76849986,"title":"Trending stocks: Vodafone Idea shares rise over 1%","entity_type":"ARTICLE","link":"\/news\/trending-stocks-vodafone-idea-shares-rise-over-1\/76849986","category_name":null,"category_name_seo":"telecomnews"}],"related_content":[],"msid":76850001,"entity_type":"ARTICLE","title":"Microsoft busts hackers who used Covid-19 as bait to lure customers","synopsis":"A US court has allowed Microsoft to seize control of key domains of cyber criminals who used COVID-19-related lures in the phishing emails to target its customers in 62 countries and access Office 365 account contents, including email, contacts, notes and material.","titleseo":"telecomnews\/microsoft-busts-hackers-who-used-covid-19-as-bait-to-lure-customers","status":"ACTIVE","authors":[],"analytics":{"comments":0,"views":324,"shares":0,"engagementtimems":1509000,"url":"https:\/\/ettelecom.indiatimes.com\/telecomnews\/microsoft-busts-hackers-who-used-covid-19-as-bait-to-lure-customers\/articleshow\/76850001.cms"},"Alttitle":{"minfo":""},"artag":"IANS","artdate":"2020-07-08 13:00:28","lastupd":"2020-07-08 13:02:25","breadcrumbTags":["cyber security","cybercrime","Hacking","Web application","covid-19","onedrive","Microsoft","Cloud computing","Internet","Office 365"],"secinfo":{"seolocation":"telecomnews\/microsoft-busts-hackers-who-used-covid-19-as-bait-to-lure-customers"}}" data-authors="[" "]" data-category-name="" data-category_id="" data-date="2020-07-08" data-index="article_1">
- Telecom乐动扑克News
- 2分钟阅读
微软萧条黑客Covid-19作为诱饵来吸引顾客
美国法庭允许微软控制的关键领域使用的网络罪犯COVID-19-related鱼饵钓鱼邮件的目标客户在全球62个国家和访问Office 365账户内容,包括电子邮件、联系人、笔记和材料。
读到
美国弗吉尼亚东区地方法院周二启封文档详细介绍微软的工作干扰利用网络犯罪COVID-19大流行,试图欺骗用户。
都柏林城市大学微软的数字犯罪单位()首先观察到这些罪犯在2019年12月,当他们部署复杂,新的钓鱼计划旨在客户帐户妥协。
微软后来观察到再次尝试同样的罪犯,这次使用COVID-19-related鱼饵钓鱼邮件的目标受害者。
“这恶意活动是另一种形式的业务邮件妥协(BEC)攻击,这增加了复杂性,复杂和频率近年来,”汤姆·伯特公司副总裁,客户的安全与信任,在一份声明中说。
根据美国联邦调查局(FBI)是2019互联网犯罪报告,收到的投诉成本最高的互联网犯罪投诉中心(IC3)涉及BEC罪行,损失超过17亿美元,占近一半的金融损失网络犯罪。
网络钓鱼电子邮件而不是包含消息关于COVID-19来利用pandemic-related金融问题和诱导目标受害者点击恶意链接。
一旦受害者点击欺骗性链接,他们最终促使授予访问权限恶意web应用程序(web应用程序)。
最常见Web应用程序是被广泛应用于组织推动生产力,创造效率和增加安全在一个分布式网络。
未知的受害者,这些恶意的网络应用程序控制的罪犯,他以欺诈手段获得许可,可以访问受害者的微软Office 365账户,微软说。
这个方案使未经授权的访问没有明确要求受害者直接放弃他们的登录凭证一个假网站或相似的界面,他们会在更传统的钓鱼活动。
点击同意之后提示恶意网页应用,受害者无意中获得罪犯权限访问和控制受害者的Office 365账户内容,包括电子邮件、联系人、笔记和资料存储在受害者的OneDrive企业云存储空间和企业SharePoint文档管理和存储系统。
该公司表示,这种独特的民事案件COVID-19-themed BEC攻击”使我们主动禁用关键领域的犯罪分子的恶意的基础设施,这是一个关键的步骤,它保护我们的客户”。
虽然吸引可能改变,潜在的威胁依然存在,发展和成长,这是更重要的比以往任何时候都保持警惕网络攻击,该公司补充道。
评论
现在评论 阅读评论(1)所有评论
找到这个评论进攻?
下面选择你的理由并单击submit按钮。这将提醒我们的版主采取行动