Researchers at Microsoft 365 Defender have dismantled the cloud computing infrastructure that was used to orchestrate a large-scale business email compromise (BEC) campaign.
In a joint blog post, Stefan Sellmer, from the Microsoft 365 Defender Research Team, and Nick Carr, from the Microsoft Threat Intelligence Center (MSTIC), share details about the malicious cloud infrastructure, which was spread across multiple web services.
The cybersecurity researchers report that the campaign compromised mailboxes using phishing and mailbox forwarding rules, with the intention of intercepting emails about financial transactions.
“This investigation also demonstrates how cross-domain threat data, enriched with expert insights from analysts, drives protection against real-world threats, both in terms of detecting attacks through products like Microsoft Defender for Office 365, as well as taking down operations and infrastructures,” write the researchers.
Microsoft’s analysis revealed that the attackers relied on a robust cloud infrastructure to automate their operations at scale.
The attackers also worked around multi-factor authentication (MFA) by using legacy protocols such as POP3/IMAP, which the targets had neglected to disable.
Unraveling the attack vectors of this BEC attack, the researchers note that the campaign demonstrates how stealthy email-based campaigns can be when they blend into legitimate traffic.
The researchers also used the opportunity to highlight some of the mechanisms built into Office 365 that defend users against such BEC campaigns, including the use of artificial intelligence (AI) to detect anomalous behavior.
They conclude by stressing the importance of a comprehensive defense strategy that includes both pre-breach and post-breach measures.
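The two tradecraft details the article names, legacy-protocol sign-ins that sidestep MFA and inbox rules that forward financial mail out of the organization, are exactly the signals a defender can hunt for after the fact. The following script is an added example written for this page; it is not Microsoft's code and is not taken from the researchers' blog post. It runs detection logic over constructed sample records whose field names (`protocol`, `mfa`, `forward_to`, `delete_after`) are assumptions chosen to resemble a simplified sign-in and inbox-rule export, and the domains and addresses in the samples are invented placeholders.

```python
"""Hunt for the two BEC signals described in the article: MFA bypass via
legacy mail protocols, and mailbox rules that forward financial mail externally.
Added example with constructed data; field names are assumptions, not a real export format."""

# Constructed sample sign-in records (not real telemetry). A browser sign-in can
# satisfy MFA; basic-auth protocols such as POP3/IMAP cannot, so MFA is simply
# never evaluated for them.
SIGNIN_EVENTS = [
    {"time": "2021-06-14T08:02:11Z", "user": "cfo@example.com", "protocol": "IMAP4",   "mfa": "not_applicable", "ip": "203.0.113.10"},
    {"time": "2021-06-14T08:05:43Z", "user": "ap@example.com",  "protocol": "Browser", "mfa": "satisfied",      "ip": "198.51.100.5"},
    {"time": "2021-06-14T08:09:02Z", "user": "cfo@example.com", "protocol": "POP3",    "mfa": "not_applicable", "ip": "203.0.113.10"},
    {"time": "2021-06-14T08:11:27Z", "user": "ap@example.com",  "protocol": "Browser", "mfa": "satisfied",      "ip": "198.51.100.5"},
]

# Constructed inbox rules (placeholder domains). The first one forwards invoice and
# payment mail to an external address and deletes the original so the owner never
# sees it; the second is an ordinary internal routing rule.
INBOX_RULES = [
    {"mailbox": "cfo@example.com", "name": ".",       "conditions": {"subject_contains": ["invoice", "payment"]},
     "forward_to": ["archive@attacker-controlled.example"], "delete_after": True},
    {"mailbox": "ap@example.com",  "name": "Vendors", "conditions": {"from_contains": ["vendor.example"]},
     "forward_to": ["ap-team@example.com"], "delete_after": False},
]

# Protocol labels are assumptions about how the export names clients.
LEGACY_PROTOCOLS = {"POP3", "IMAP4", "Authenticated SMTP"}
FINANCE_KEYWORDS = {"invoice", "payment", "wire", "transfer", "remittance"}
INTERNAL_DOMAINS = {"example.com"}  # constructed: the organization's own domains


def legacy_auth_signins(events):
    """Return sign-ins that used a legacy protocol, i.e. ones where MFA could not be enforced."""
    return [e for e in events if e["protocol"] in LEGACY_PROTOCOLS]


def suspicious_forwarding_rules(rules):
    """Flag rules that forward outside the organization. The score rises when the rule
    targets financial keywords or deletes the original, both hallmarks of BEC tradecraft."""
    findings = []
    for rule in rules:
        external = [addr for addr in rule["forward_to"]
                    if addr.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]
        if not external:
            continue  # internal forwarding is normal business routing
        subject_terms = {k.lower() for k in rule["conditions"].get("subject_contains", [])}
        keywords = subject_terms & FINANCE_KEYWORDS
        deletes = bool(rule.get("delete_after", False))
        score = 1 + (1 if keywords else 0) + (1 if deletes else 0)  # 1..3
        findings.append({
            "mailbox": rule["mailbox"],
            "rule": rule["name"],
            "external": external,
            "finance_keywords": sorted(keywords),
            "deletes_original": deletes,
            "score": score,
        })
    return findings


def correlate(events, rules):
    """Mailboxes showing both signals: a legacy-protocol sign-in and an external forwarding rule.
    That overlap is the strongest indicator that the mailbox, not just the password, is compromised."""
    legacy_users = {e["user"] for e in legacy_auth_signins(events)}
    return sorted({f["mailbox"] for f in suspicious_forwarding_rules(rules)
                   if f["mailbox"] in legacy_users})


if __name__ == "__main__":
    for e in legacy_auth_signins(SIGNIN_EVENTS):
        print(f"legacy auth: {e['user']} via {e['protocol']} from {e['ip']} at {e['time']}")
    for f in suspicious_forwarding_rules(INBOX_RULES):
        print(f"external forward (score {f['score']}): {f['mailbox']} rule {f['rule']!r} -> {f['external']}")
    print("mailboxes with both signals:", correlate(SIGNIN_EVENTS, INBOX_RULES))
```

The correlation step is the point: a single IMAP login from an unfamiliar address is noisy on its own, and an external forwarding rule can be legitimate, but a mailbox that shows both is the pattern the article describes, and it is also the mailbox where the post-breach response (revoke sessions, remove the rule, then disable the legacy protocol so the bypass cannot recur) should start.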
Via BleepingComputer