
Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks

 A phishing campaign, discovered by researchers at Cofense, is draping itself in a Microsoft Office SharePoint theme and successfully bypassing security email gateways (SEGs). In a post on Tuesday, the firm said that this is an example of why it’s not always prudent to share documents via Microsoft’s hugely popular, widely used SharePoint collaboration platform. 

The phish targets Office 365 users with a legitimate-looking SharePoint document that claims to urgently need an email signature. The campaign cropped up in a spot that’s supposed to be protected by Microsoft’s own SEG. This isn’t the first time we’ve seen the SEG sanctuary get polluted: in December, spearphishers spoofed Microsoft.com itself to target 200 million Office 365 users, successfully slipping past SEG controls due to Microsoft’s reported failure to enforce Domain-based Message Authentication, Reporting & Conformance (DMARC), an email authentication protocol built on SPF and DKIM specifically to stop exact-domain spoofing.
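The December incident above turned on a DMARC record that was published but not enforced. The following added example (not from the article or from Cofense) shows what "enforced" means in practice: it parses a DMARC TXT record and classifies it as monitoring-only (`p=none`, the setting that lets an exact-domain spoof through), partially enforcing (`pct` below 100) or enforcing. The sample records are constructed; real records are fetched from the `_dmarc.<domain>` TXT entry.

```python
"""Classify the enforcement level of DMARC TXT records (constructed samples)."""

VALID_POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record into a lower-cased tag -> value dict.

    Receivers ignore a record that does not begin with 'v=DMARC1', so the
    parser refuses such records rather than guessing at them.
    """
    if not record.strip().lower().startswith("v="):
        raise ValueError("record must begin with the v= tag")
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("record must begin with v=DMARC1")
    return tags


def _policy_level(policy: str, pct: int) -> str:
    """Map a policy keyword plus sampling percentage to an enforcement label."""
    if policy == "none":
        # Receivers are asked only to report; failing mail is still delivered.
        return "monitoring-only"
    if pct < 100:
        # quarantine/reject applied to a sample of failing mail only.
        return "partial"
    return "enforcing"


def enforcement_level(record: str) -> str:
    """Enforcement level for mail claiming to be from the organizational domain.

    A missing 'p' tag is treated as p=none, which is how RFC 7489 tells
    receivers to handle a record with reporting URIs but no valid policy.
    """
    tags = parse_dmarc(record)
    policy = tags.get("p", "none").lower()
    if policy not in VALID_POLICIES:
        raise ValueError(f"unknown policy: {policy!r}")
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        raise ValueError(f"non-numeric pct: {tags.get('pct')!r}")
    if not 0 <= pct <= 100:
        raise ValueError(f"pct out of range: {pct}")
    return _policy_level(policy, pct)


def subdomain_enforcement_level(record: str) -> str:
    """Enforcement level for subdomains: 'sp' if present, otherwise 'p'."""
    tags = parse_dmarc(record)
    policy = tags.get("sp", tags.get("p", "none")).lower()
    if policy not in VALID_POLICIES:
        raise ValueError(f"unknown subdomain policy: {policy!r}")
    pct = int(tags.get("pct", "100"))
    return _policy_level(policy, pct)


# Constructed sample records, not taken from any real domain.
SAMPLE_RECORDS = {
    "strict": "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com",
    "report-only": "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com",
    "sampled": "v=DMARC1; p=quarantine; pct=25; sp=none",
}

if __name__ == "__main__":
    for name, rec in SAMPLE_RECORDS.items():
        print(f"{name:12} domain={enforcement_level(rec):16} "
              f"subdomains={subdomain_enforcement_level(rec)}")
```

Only the `enforcing` case asks receivers to quarantine or reject every message that fails SPF/DKIM alignment; a `p=none` record is useful for collecting aggregate reports but provides no protection against the exact-domain spoofing the article describes.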

‘Response Urgently…?’

As this image of the text in the phishing email shows, the spelling and grammar used in the booby-trapped message aren’t the most egregious, atrociously spelled, syntactically weird giveaways you can find in these kinds of phishing campaigns. But then again, it is probably safe to assume that any SharePoint message that asks you to “response urgently” isn’t coming from a native speaker.

The mere fact that the message presses urgency on its recipients should be a tip-off, of course: “Rush-rush” is a standard phishing ploy. Cofense notes that other red flags include the fact that the user’s name is not visible in the opening message, an indication that it’s a mass-distribution campaign meant to reach a lot of targets.

As well, when recipients hover over the link, they’ll see neither hide nor hair of any reference to Microsoft. Those who click on the link will instead be shuffled over to the landing page shown below, which displays Microsoft’s SharePoint logo and the “Pending file” notification in front of a blurry background, along with a request for the intended victim to log in to view the document. That “could suffice for threat actors to extract and harvest users’ personal information,” Cofense says. If and when credentials are handed over, the campaign redirects the user to a spoofed, unrelated document, “which might be enough to trick the user into thinking this is a legitimate transaction,” Cofense says.
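The three red flags Cofense lists (urgency language, a greeting that never names the recipient, and a SharePoint-branded message whose link points anywhere but Microsoft) are mechanical enough to check automatically. The following added example (not from the article or from Cofense) runs those checks over a constructed lure. The urgency phrase list and the set of Microsoft-owned host suffixes are assumptions for illustration; a real deployment would tune both to the tenant.

```python
"""Check a SharePoint-themed email against three phishing red flags (constructed sample)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed urgency cues; tune to the language seen in a given environment.
URGENCY_PHRASES = ("urgent", "urgently", "immediately",
                   "response required", "action required")
# Brand words that make a message "SharePoint-themed".
BRAND_KEYWORDS = ("microsoft", "sharepoint", "office 365", "office365")
# Assumed hosts where SharePoint/Office links legitimately land.
TRUSTED_SUFFIXES = ("microsoft.com", "sharepoint.com",
                    "office.com", "microsoftonline.com")


class _LinkCollector(HTMLParser):
    """Collect (href, link text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._text).strip()))
            self._href = None


def host_is_trusted(url: str) -> bool:
    """True if the URL's host is one of the trusted suffixes or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def red_flags(subject: str, html_body: str, recipient_name: str) -> list:
    """Return the list of red flags raised by the message (empty if none)."""
    flags = []
    plain = re.sub(r"<[^>]+>", " ", html_body).lower()
    text = subject.lower() + " " + plain

    if any(phrase in text for phrase in URGENCY_PHRASES):
        flags.append("urgency language")
    if recipient_name.lower() not in text:
        flags.append("recipient not addressed by name")

    brand_themed = any(k in text for k in BRAND_KEYWORDS)
    collector = _LinkCollector()
    collector.feed(html_body)
    for href, _link_text in collector.links:
        if brand_themed and not host_is_trusted(href):
            host = urlparse(href).hostname or "(no host)"
            flags.append(f"branded message links to untrusted host {host}")
    return flags


# Constructed lure modelled on the one described above; no real campaign data.
SAMPLE_SUBJECT = "Response Urgently: Pending file"
SAMPLE_BODY = (
    "<p>You have a pending SharePoint document that requires your "
    "e-signature. Please response urgently.</p>"
    '<p><a href="https://files-review.example.net/pending">Open document</a></p>'
)

if __name__ == "__main__":
    for flag in red_flags(SAMPLE_SUBJECT, SAMPLE_BODY, "Alice Example"):
        print("FLAG:", flag)
```

None of the three checks is decisive on its own, which is why the function returns the full list rather than a verdict: a mail filter or analyst can weigh two or three flags together, exactly as the article does when it combines the odd phrasing, the missing name and the off-brand link.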

