Light Dark
May 20, 2020 By David Bisson 2 min read

Microsoft discovered numerous phishing campaigns in which malicious actors attempted to spoof its new Azure AD sign-in page.

Microsoft Security Intelligence said that the spoofing attempts against its new Azure AD sign-in page first appeared in its Office 365 Advanced Threat Protection (ATP) data on May 14. In one of the operations disclosed by Microsoft that same day, malicious actors sent out attack emails with the subject line, “Business Document Received.” The messages attempted to trick recipients into clicking on what appeared to be a OneDrive document. In reality, the attachment was a PDF document that redirected recipients to a phishing site designed to look like Microsoft’s newly redesigned sign-in page.

Leveraging dozens of phishing sites, the campaign described above and others like it arrived approximately three months after the tech giant announced an update to its sign-in page. That change boiled down to visual user interface (UI) modification of the page’s background image so that the sign-in process would consume less bandwidth and load pages more quickly, as Microsoft explained at the time.

A Sign of Phishers’ Desire to Continually Adapt

The Azure AD spoofing campaigns described above represent just the latest attempt by phishers to adapt to changing times. Most commonly, this takes the form of digital fraudsters capitalizing on well-publicized disasters. Such was the case in 2010 when Forcepoint reported on scams surrounding an earthquake in Haiti. The same was true in October 2018 when Proofpoint uncovered phishing schemes leveraging Hurricane Michael as a lure. It’s therefore fitting that malicious actors are ramping up spam activity right now, as IBM Security revealed in a joint study with Morning Consult.

Defend Against Spoofed Azure AD Phishing Attacks

Security professionals can help their organizations defend against adaptive phishing attacks by building a robust security awareness training program. This type of initiative can help keep the workforce educated with regard to evolving phishing attacks and techniques. Additionally, infosec personnel should seek to balance these human controls with technical controls such as network segmentation and the implementation of a least privilege model.

 |  |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

December 18, 2024

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

December 17, 2024

Testing the limits of generative AI: How red teaming exposes vulnerabilities in AI models

4 min read - With generative artificial intelligence (gen AI) on the frontlines of information security, red teams play an essential role in identifying vulnerabilities that others can overlook.With the average cost of a data breach reaching an all-time high of $4.88 million in 2024, businesses need to know exactly where their vulnerabilities lie. Given the remarkable pace at which they’re adopting gen AI, there’s a good chance that some of those vulnerabilities lie in AI models themselves — or the data used to…

December 16, 2024

FBI, CISA issue warning for cross Apple-Android texting

3 min read - CISA and the FBI recently released a joint statement that the People's Republic of China (PRC) is targeting commercial telecommunications infrastructure as part of a significant cyber espionage campaign. As a result, the agencies released a joint guide, Enhanced Visibility and Hardening Guidance for Communications Infrastructure, with best practices organizations and agencies should adopt to protect against this espionage threat. According to the statement, PRC-affiliated actors compromised networks at multiple telecommunication companies. They stole customer call records data as well…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature