Microsoft discovered numerous phishing campaigns in which malicious actors attempted to spoof its new Azure AD sign-in page.

Microsoft Security Intelligence said that the spoofing attempts against its new Azure AD sign-in page first appeared in its Office 365 Advanced Threat Protection (ATP) data on May 14. In one of the operations disclosed by Microsoft that same day, malicious actors sent out attack emails with the subject line, “Business Document Received.” The messages attempted to trick recipients into clicking on what appeared to be a OneDrive document. In reality, the attachment was a PDF document that redirected recipients to a phishing site designed to look like Microsoft’s newly redesigned sign-in page.

Leveraging dozens of phishing sites, the campaign described above and others like it arrived approximately three months after the tech giant announced an update to its sign-in page. That change boiled down to visual user interface (UI) modification of the page’s background image so that the sign-in process would consume less bandwidth and load pages more quickly, as Microsoft explained at the time.

A Sign of Phishers’ Desire to Continually Adapt

The Azure AD spoofing campaigns described above represent just the latest attempt by phishers to adapt to changing times. Most commonly, this takes the form of digital fraudsters capitalizing on well-publicized disasters. Such was the case in 2010 when Forcepoint reported on scams surrounding an earthquake in Haiti. The same was true in October 2018 when Proofpoint uncovered phishing schemes leveraging Hurricane Michael as a lure. It’s therefore fitting that malicious actors are ramping up spam activity right now, as IBM Security revealed in a joint study with Morning Consult.

Defend Against Spoofed Azure AD Phishing Attacks

Security professionals can help their organizations defend against adaptive phishing attacks by building a robust security awareness training program. This type of initiative can help keep the workforce educated with regard to evolving phishing attacks and techniques. Additionally, infosec personnel should seek to balance these human controls with technical controls such as network segmentation and the implementation of a least privilege model.

More from

Who Carries the Weight of a Cyberattack?

Almost immediately after a company discovers a data breach, the finger-pointing begins. Who is to blame? Most often, it is the chief information security officer (CISO) or chief security officer (CSO) because protecting the network infrastructure is their job. Heck, it is even in their job title: they are the security officer. Security is their responsibility. But is that fair – or even right? After all, the most common sources of data breaches and other cyber incidents are situations caused…

Transitioning to Quantum-Safe Encryption

With their vast increase in computing power, quantum computers promise to revolutionize many fields. Artificial intelligence, medicine and space exploration all benefit from this technological leap — but that power is also a double-edged sword. The risk is that threat actors could abuse quantum computers to break the key cryptographic algorithms we depend upon for the safety of our digital world. This poses a threat to a wide range of critical areas. Fortunately, alternate cryptographic algorithms that are safe against…

Abuse of Privilege Enabled Long-Term DIB Organization Hack

From November 2021 through January 2022, the Cybersecurity and Infrastructure Security Agency (CISA) responded to an advanced cyberattack on a Defense Industrial Base (DIB) organization’s enterprise network. During that time frame, advanced persistent threat (APT) adversaries used an open-source toolkit called Impacket to breach the environment and further penetrate the organization’s network. Even worse, CISA reported that multiple APT groups may have hacked into the organization’s network. Data breaches such as these are almost always the result of compromised endpoints…

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…