A massive phishing campaign is targeting Outlook and Exchange, Microsoft's email services, with the attackers even managing to bypass the two-factor authentication that is supposed to protect users.


If you use Outlook or Exchange, be very careful at this time! Cybersecurity company Zscaler has revealed a particularly dangerous new phishing attack targeting Microsoft email services. As is often the case, it is an identity-theft scam aimed at stealing sensitive personal data (usernames, passwords, bank details, etc.) in order to extort money. In its report, the firm explains that the campaign mainly targets professionals and businesses, especially in the areas of FinTech, loans, finance, insurance, accounting, energy and federal credits, but "this is not an exhaustive list of targets", the report insists, and individuals are not spared.

A malicious link hidden in the body of an email © Zscaler

Phishing: Outlook and Exchange targeted by a massive campaign

Researchers began tracking this campaign in June 2022. The attacks start with emails containing malicious links, placed either directly in the body of the email or in an HTML file attached to the message. Often the emails and links use misleading domain names, for example one containing a misspelling or a deceptive variation of a legitimate name (see our article on fake domain names). Following the AiTM (Adversary-in-the-Middle) model, the attackers insert themselves between the email client and the company's server by means of a proxy. Concretely, each time one side tries to communicate with the other (data flows, authentication challenges, etc.), the traffic first passes through the attackers, who can observe or modify it before it is relayed to the intended recipient. This lets them capture everything exchanged, including the two-factor authentication exchange, and that is the whole problem. Two-factor authentication requires the user to prove their identity with two different means of verification before accessing their account: for example, entering their credentials and then a code received on their mobile phone. It is normally very effective, since even if an attacker obtains the credentials, the account remains protected by a second "barrier". Against the method used here, however, this security measure is ineffective.

Mail with a malicious link attached © Zscaler

Once accounts are compromised, the attackers use them in turn to spread the attack, which makes a fraudulent email even harder to detect. "In some cases, executive work emails were compromised using this phishing attack and then used to send other phishing emails as part of the same campaign", explains Zscaler. Once inside, the attackers can log in to the victim's account and quietly retrieve their personal and even banking data. The campaign is hard to stop because its operators constantly update their tactics, techniques and procedures to get around various security measures, and new phishing domains are still being registered almost every day. As a precaution, it is therefore recommended not to open attachments or click on links in emails sent by untrusted or unknown sources, and to check the URL in the browser's address bar before entering any credentials.
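The two pieces of advice above, watching for misleading domain names and checking the URL before entering credentials, can be partly automated. The following Python helper is an added example written for this article (it is not Zscaler's or Microsoft's code): it flags hostnames that imitate Microsoft sign-in services through misspellings, digit-for-letter swaps, a brand name pushed into a subdomain of an unrelated domain, or non-ASCII lookalike characters. The allow-list of genuine hosts, the confusable-character table, the 0.8 similarity threshold and the sample URLs are all assumptions constructed for the example.

```python
"""Lookalike-domain check for URLs found in suspicious e-mails.

Added example, not from the article or Zscaler's report: classifies a URL's
hostname as legitimate, suspicious or unknown relative to an assumed
allow-list of Microsoft sign-in hosts.
"""
from difflib import SequenceMatcher
from urllib.parse import urlparse

# Assumed allow-list of genuine sign-in hosts and their registrable domains.
LEGIT_HOSTS = ("login.microsoftonline.com", "outlook.office.com",
               "outlook.live.com", "login.live.com")
LEGIT_REGISTRABLE = ("microsoftonline.com", "microsoft.com",
                     "office.com", "live.com")

# Character swaps commonly used in typo-squatted labels (assumed list).
CONFUSABLES = (("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"),
               ("rn", "m"), ("vv", "w"))


def extract_host(url):
    """Return the lowercase hostname of a URL (scheme optional)."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").rstrip(".")


def fold_label(label):
    """Undo common confusable substitutions and drop hyphens for comparison."""
    for bad, good in CONFUSABLES:
        label = label.replace(bad, good)
    return label.replace("-", "")


def assess_url(url, threshold=0.8):
    """Classify a URL as legitimate, suspicious or unknown, with reasons."""
    host = extract_host(url)
    labels = host.split(".")
    # Registrable domain approximated as the last two labels (no PSL lookup).
    registrable = ".".join(labels[-2:])
    reasons = []

    if host in LEGIT_HOSTS or registrable in LEGIT_REGISTRABLE:
        return {"host": host, "verdict": "legitimate", "reasons": reasons}

    if not host.isascii():
        # Unicode letters that look like Latin ones (homoglyphs); a browser
        # would display the punycode form, itself a warning sign.
        try:
            puny = host.encode("idna").decode("ascii")
        except UnicodeError:
            puny = "<not IDNA-encodable>"
        reasons.append(f"non-ASCII hostname (punycode: {puny})")

    folded = fold_label(labels[-2]) if len(labels) >= 2 else ""
    for legit in LEGIT_REGISTRABLE:
        brand = legit.split(".")[0]
        # Typo-squat: the second-level label resembles a genuine brand label.
        score = SequenceMatcher(None, folded, brand).ratio()
        if score >= threshold:
            reasons.append(
                f"label '{labels[-2]}' resembles {legit} ({score:.2f})")
        # Brand name used as a subdomain of an unrelated registrable domain.
        if any(brand in sub for sub in labels[:-2]):
            reasons.append(f"brand '{brand}' used as subdomain of {registrable}")

    verdict = "suspicious" if reasons else "unknown"
    return {"host": host, "verdict": verdict, "reasons": reasons}


if __name__ == "__main__":
    # Constructed sample URLs for illustration, not taken from the campaign.
    for sample in ("https://outlook.office.com/mail/",
                   "http://login.micros0ft-online.com/auth",
                   "http://outlook-office.com.login-portal.example.net/",
                   "https://login.micr\u043esoftonline.com/",
                   "https://example.org/"):
        print(assess_url(sample))
```

The check is deliberately conservative: an "unknown" verdict only means the host is not on the allow-list and shows none of the listed tricks, not that it is safe, and the last-two-labels approximation of the registrable domain will misjudge hosts under two-level suffixes such as co.uk, so in practice a public-suffix library should replace it.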
