Cybercriminals have started using Static Web Apps, an Azure service, in their phishing attacks against Microsoft 365 (opens in new tab) users.
These features have been used by threat actors to host static landing phishing pages, the researchers are now saying. These landing pages look almost identical to official Microsoft services, with the company logo, and the Single SignOn (SSO) option that harvests Office (opens in new tab) 365, Outlook, or other credentials.
We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.
>> Click here to start the survey in a new window (opens in new tab) <<
Reporting on the findings, BleepingComputer says using Azure Static Web Apps to target Microsoft users is an “excellent tactic”, as each landing page gets its own secure page padlock in the address bar, due to the *.1.azurestticapps.net wildcard TLS certificate.
With such a TLS certificate, even the most suspicious of victims could be tricked.
It also makes the landing pages good for targeting users on other platforms and other email providers, as these victims could also be fooled by the fake security assurance of the legitimate Microsoft TLS certificate.
Usually, when a person is suspecting a phishing attack, they’d check the URL they’re being invited to click. Using Azure Static Web Apps renders this advice useless, as many will most likely be fooled by the azurestticapps.net, and think the identity (opens in new tab) is legitimate, the publication concludes.
> What is phishing and how dangerous is it? (opens in new tab)
> LinkedIn is becoming a paradise for phishing attacks (opens in new tab)
> Phishing attacks hit more businesses than ever last year (opens in new tab)
Azure Static Web Apps Microsoft’s tool that helps developers build and deploy full stack web apps to Azure, from a code repository.
Microsoft is silent on the matter, for the time being.
- If you're looking to keep your devices secure, make sure to get one of the best endpoint protection services right now (opens in new tab)
Via: BleepingComputer (opens in new tab)