Phishers Target Microsoft & Google Public Cloud Users

A series of massive phishing campaigns is targeting public cloud users, and the hackers are primarily looking for accounts on Microsoft's Office 365 and Google's Gmail platforms.

Attacks aimed at stealing corporate Microsoft Office 365 usernames and passwords are targeting a wide range of organisations and are trying to use CAPTCHA images (an automated challenge-response test) as a technique to lull victims into a false sense of security.

Analysts at GreatHorn Threat Intelligence point to a phishing operation that is taking victims to fraudulent Office 365 login pages where credentials are stolen and loaders installed. 

GreatHorn has discovered these massive cyber attacks propagating via open redirector domains and subsidiary domains belonging to multiple global brands, spreading through tens of thousands of mailboxes and targeting business users across industries, geographies, and companies. These attacks attempt to steal corporate email credentials and are coupled with malicious JavaScript that deploys various Trojans and malware against any user who visits these pages, regardless of whether they submit their credentials or not.
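A mail filter can flag links that abuse an open redirector by checking whether a URL on one domain carries a second, off-domain URL inside it. The sketch below is an added example, not GreatHorn's detection logic; it assumes the redirect target sits in a query parameter or fragment (the article does not describe the URL format), and the sample message and domains are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample message body (reserved .example/.test names only).
SAMPLE_BODY = """\
Your voicemail is ready: https://links.brand.example/r?id=77&url=https%3A%2F%2Flogin.o365-verify.test%2Fauth
Policy update: https://intranet.corp.example/docs?next=https://wiki.corp.example/policy
Encoded twice: http://t.shop.example/out?u=https%253A%252F%252Fcaptcha-check.test%252F
"""

def base_domain(host):
    # Naive registrable-domain guess (last two labels); a production
    # filter would consult the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def embedded_targets(url):
    """Return absolute URLs carried in the query string or fragment."""
    parts = urlsplit(url)
    # parse_qsl percent-decodes each value once.
    candidates = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    candidates.append(parts.fragment)
    targets = []
    for value in candidates:
        # Decode once more so double-encoded targets are still seen.
        match = URL_RE.match(unquote(value).strip())
        if match:
            targets.append(match.group(0))
    return targets

def find_redirect_links(body):
    """Return (outer_host, inner_host) pairs where a link on one domain
    embeds a destination on a different domain."""
    findings = []
    for url in URL_RE.findall(body):
        outer = urlsplit(url).hostname or ""
        for target in embedded_targets(url):
            inner = urlsplit(target).hostname or ""
            if inner and base_domain(inner) != base_domain(outer):
                findings.append((outer, inner))
    return findings

if __name__ == "__main__":
    for outer, inner in find_redirect_links(SAMPLE_BODY):
        print(f"redirect via {outer} -> {inner}")
```

Same-organisation redirects, such as the second sample link, are not flagged; only links whose embedded destination leaves the outer domain are reported.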

GreatHorn has also identified that senior executives and finance personnel are being targeted within the phishing campaigns. 

The similarity across the campaigns leads GreatHorn Threat Intelligence to believe that a single entity is behind the attacks. The attackers appear to be attempting to evade detection by spoofing well-known applications, including Microsoft Office, Zoom, Microsoft Teams, and more. Analysts at the cloud security specialist Menlo Security also say a campaign is using multiple CAPTCHA images to convince victims, primarily in the hospitality industry, to give up their credentials and personal information.

For organisations that are using role-based email security, users within these roles can be placed on more restrictive policies to minimise the risk associated with these attacks. Industries targeted by the attacks include finance, technology, manufacturing, government, pharmaceuticals, oil and gas, hospitality and more.

To protect against this and other phishing attacks, users should be wary of opening any links or attachments in emails that come from an unknown source - always check the source first before opening the email.

Sources: GreatHorn, Dark Reading, ZDNet, KKHackLabs
