Phishing attacks are still on the rise. And hackers are getting more sophisticated in the ways they spoof elements in a user's environment in order to gain access.
The latest attack, first reported by Rapid7's MDR detection team, shows hackers using the target's branded Microsoft 365 tenant login pages to increase the legitimate look of their phishing attempt.
Hackers Get Creative With Hosting
In order to be able to pull off scams like this, hackers use Azure Blob or Web/sites storage to provide them with an SSL certificate from Microsoft.
This allows them to create very realistic-looking Microsoft login pages in order to attempt to steal Office 365, Azure AD, Outlook, and Microsoft account credentials.
Matt Aldridge, senior solutions architect at Webroot, says, "cloud hosted services still require the same level of risk management, ongoing monitoring, upgrades, backups and maintenance as traditional infrastructure."
Keep in mind, hackers are now purchasing legitimate Cloud storage from Microsoft to use it to create phony login pages that attempt to fool users.
What Can Companies Do To Be Secure Against This Type of Attack?
There are several actions businesses should take to protect their users from these crafty phishing attempts:
1. The first is education. Companies must educate their customers on what the domain address of their log-in pages should be and also train employees regularly on identifying phishing attempts. Share screenshots on chat sites like Teams of recognized phishing attempts and encourage employees to read about the latest forms of attack in tech news. Quarterly phishing tests provided by a third-party security partner can also help employees to better spot spoofed pages and malicious links.
2. Monitor company sites. For example, PTG provides a quarterly security scorecard, so that our clients know how well their systems are secured against phishing, ransomware, and other threats.
3. Enable Multi-factor Authentication across all devices. With these attacks getting more and more sophisticated, it is necessary to deploy the extra-layer of identity protection that MFA provides. Microsoft says that users who use MFA will block 99.9% of the 300 million fraudulent sign-in attempts they are seeing daily.
4. The best defense these days is to take a dynamic approach by stacking several threat detection tools and partnering with a cybersecurity team capable of monitoring them. If someone from your organization does fall for one of these skillful spoofed log-in pages, you will need a fast-response from your support team to limit the exposure and cost.