Microsoft Seizes Domains Used in COVID-19-Themed Attacks

Court grants company's bid to shut down infrastructure used in recent campaigns against Office 365 users.

Microsoft has quietly seized control of several domains that were used in COVID-19-themed attacks against its customers over the past several months.


The US District Court for the Eastern District of Virginia had earlier granted the company permission to seize the domains after Microsoft had filed a civil complaint about the attacks causing it "irreparable and ongoing harm."


Tom Burt, Microsoft corporate vice president, customer security and trust, today likened the attacks to a form of business email compromise that targeted customers in 62 countries.


The attacks began in December 2019 and involved phishing emails designed to look like they originated from the recipient's employer or another trusted source. Many of the emails were directed at business leaders in a variety of industries and — initially, at least — contained messages pertaining to common business activities. When a recipient clicked the embedded link in these emails, it led to a sequence of events that ended with the user being prompted to grant access privileges to a malicious web app.


The fraudulently obtained privileges gave the attackers full access to the victim's Office 365 account, including email, contact lists, and data stored in OneDrive for Business and in corporate SharePoint document management and storage systems. Unlike typical phishing scams, the attackers in this case were able to gain full, unauthorized access to Office 365 accounts without requiring victims to share their usernames or passwords via fake websites and other interfaces, Burt said in a blog post.


"After clicking through the consent prompt for the malicious web app, the victim unwittingly granted criminals permission to access and cont ..
