A new phishing campaign leveraged DocuSign branding along with a landing page hosted on Amazon public cloud storage (S3) to target users’ Microsoft Office credentials.

In late July, Proofpoint researchers observed a phishing campaign that used branding from electronic signature service DocuSign to target a small number of individuals in organizations across multiple verticals. Emails directed recipients to a landing page that also contained DocuSign branding on Amazon S3, a phishing site designed to steal users’ Office 365 credentials.

The attackers used extensive XOR obfuscation to safeguard their phishing landing page. Further investigation revealed that the threat actor behind this campaign had hosted other low-volume campaigns on AWS domains. Many of these similarly abused DocuSign and targeted users’ Microsoft Office credentials, but some of those attacks also exploited ShareFile.

A Rise in Cloud-Hosted Phishing Attacks

Cybercriminals have often turned to the cloud to host their phishing landing pages in the past several months. In February, for instance, EdgeWave observed attackers abusing Microsoft Azure to host a landing page for a campaign designed to steal employees’ Facebook credentials.

Netskope detected a similar operation targeting users’ Amazon details just a few months later. Similarly, the Zscaler ThreatLabZ team detected a phishing campaign that leveraged both Microsoft Azure and Microsoft SSL certificates to harvest unsuspecting users’ Outlook credentials.

How Quickly Can You Detect a Phishing Campaign?

Security leaders should consider investing in machine learning solutions to improve the speed at which their defenses can spot and block phishing domains. Analyzing phishing data in machine-deliverable threat intelligence can also help security teams prioritize specific attacks based on their threat rankings.

More from

Remote Employees: Update Your Routers (and More WFH IT Tips)

As a business owner or manager, you must ensure your employees have the right tools and resources to do their jobs well — especially with more people working from home. And IT infrastructure is one of the most important considerations regarding remote work.However, the truth is that most employees don’t think about their IT infrastructure until something goes wrong. In many cases, this can leave an employee stranded and unable to complete their tasks. In a worst-case scenario, this reactionary…

More School Closings Coast-to-Coast Due to Ransomware

Instead of snow days, students now get cyber days off. Cyberattacks are affecting school districts of all sizes from coast-to-coast. Some schools even completely shut down due to the attacks. The federal government recently warned that K-12 schools face a growing threat from cyber groups. According to the FBI, school districts often have limited cybersecurity protections, which makes them even more vulnerable. The FBI also says it anticipates the number of threats to increase. In a recent warning, the nation’s…

The Role of Human Resources in Cybersecurity

The human resources (HR) department is an integral part of an organization. They work with all departments with a wider reach than even IT. As a highly visible department, HR can support and improve an organization’s security posture through employee training. Their access to employees at the start of employment is an opportunity to lay a foundation for a culture of risk awareness. HR departments do not typically include cybersecurity risk awareness training with new hire onboarding, but it’s something…

New Attack Targets Online Customer Service Channels

An unknown attacker group is targeting customer service agents at gambling and gaming companies with a new malware effort. Known as IceBreaker, the code is capable of stealing passwords and cookies, exfiltrating files, taking screenshots and running custom VBS scripts. While these are fairly standard functions, what sets IceBreaker apart is its infection vector. Malicious actors are leveraging the helpful nature of customer service agents to deliver their payload and drive the infection process. Here’s a look at how IceBreaker…