It has recently come to light that a community of cybercriminals is exploiting the COVID-19 pandemic to defraud customers in about 62 countries around the world. A civil case has been filed that allows Microsoft to take control of critical domains in the criminals’ infrastructure so that it cannot be used to plan or execute cyberattacks.
Microsoft’s Digital Crimes Unit (DCU) observed the first cases in December 2019. The cybercriminals launched a well-designed phishing scheme aimed at compromising Microsoft customer accounts. A successful compromise would give them access to the customer’s email, contact lists, sensitive documents, and other valuable information. By tracking patterns in this activity, Microsoft moved to block the criminals and the malicious applications they had deployed. Now, however, the criminals are using COVID-19-related lures in their phishing emails to target customers. This attack can be categorized as a business email compromise (BEC) attack of increased complexity and sophistication. According to the FBI’s 2019 report, BEC crimes are the most costly reported crimes. The economic losses caused by cybercrime have slipped out of the public’s focus, but they are, without a doubt, of the utmost importance. Microsoft is working hard to fight such crimes with the help of the law in different parts of the world.
In this case, the phishing emails are designed to appear to come from an employer or other trusted source, and they are targeted at business leaders across a variety of industries. The emails aim to compromise accounts, steal data and information, and redirect wire transfers. In the initial attacks, the criminals attached links labelled with business terms, which a user could easily be convinced to click. Now the scheme has taken a new shape: the criminals are taking advantage of the pandemic, using terms like “COVID-19 Bonus” in the emails to convince the victim.
These links, when clicked, ask for permission. When the victim grants it, he or she is unaware that the consent is being given to a malicious application. These malicious applications are mostly web applications, and they look similar enough to legitimate ones to be convincing. Once consent is given, the criminals are authorized to access the victim’s Microsoft Office 365 account, including email, contacts, notes, and material stored in OneDrive for Business cloud storage and in the corporate SharePoint document management and storage system. This method is more convincing than traditional phishing methods, so people are more likely to fall into the trap.
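An added example, not from the original article or from Microsoft: a review of delegated consent grants that flags applications able to reach the data classes named above. The records are constructed and shaped like Microsoft Graph oauth2PermissionGrant objects; the IDs, the `allowlist` parameter and the scope-to-category mapping are assumptions.

```python
# Constructed sample records, shaped like Microsoft Graph oauth2PermissionGrant
# objects (clientId, consentType, principalId, scope). All IDs are placeholders.
GRANTS = [
    {"clientId": "app-0001", "consentType": "Principal", "principalId": "user-17",
     "scope": "User.Read"},
    {"clientId": "app-0002", "consentType": "Principal", "principalId": "user-42",
     "scope": "offline_access Mail.Read Contacts.Read Notes.Read.All Files.ReadWrite.All"},
    {"clientId": "app-0003", "consentType": "AllPrincipals", "principalId": None,
     "scope": "Sites.Read.All"},
]

# Data classes listed in the article, mapped to Graph delegated scope prefixes
# (assumed mapping; Files.* scopes also cover files held in SharePoint).
DATA_CLASSES = {
    "email": ("Mail.", "MailboxSettings."),
    "contacts": ("Contacts.",),
    "notes": ("Notes.",),
    "onedrive": ("Files.",),
    "sharepoint": ("Sites.",),
}

def classify(scope_string):
    """Return the sorted data classes a space-separated scope string exposes."""
    scopes = scope_string.split()
    return sorted(name for name, prefixes in DATA_CLASSES.items()
                  if any(s.startswith(prefixes) for s in scopes))

def review(grants, allowlist=frozenset()):
    """Return findings for non-allowlisted apps that can reach user data."""
    findings = []
    for g in grants:
        exposed = classify(g["scope"])
        if g["clientId"] in allowlist or not exposed:
            continue
        findings.append({
            "clientId": g["clientId"],
            "principal": g["principalId"] or "ALL USERS",
            "exposes": exposed,
            # offline_access lets the app refresh tokens without the user present
            "persistent": "offline_access" in g["scope"].split(),
            "tenant_wide": g["consentType"] == "AllPrincipals",
        })
    # Widest exposure first, so the riskiest grant is reviewed first
    return sorted(findings, key=lambda f: (-len(f["exposes"]), f["clientId"]))

if __name__ == "__main__":
    for finding in review(GRANTS):
        print(finding)
```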
Microsoft closely monitors such activity. As a result, it has been able to block the malicious web applications that its telemetry reveals, and this approach has helped strengthen its security systems and protections. Yet there may be cases in which the cybercriminals try to get past every defensive mechanism Microsoft has put in place. Microsoft believes the answer in such cases is legal action. This one-of-a-kind civil case against COVID-19-themed BEC attacks has paved the way for proactively disabling key domains that are part of the criminals’ malicious infrastructure. This approach is a significant step in maintaining customer protections.
Cybercriminals will always pick up on the latest trend and design their attacks to be as convincing as possible. While the situations keep changing, the underlying threats and consequences remain the same. Enabling two-factor authentication is a must in these days of vulnerability. Turn it on for all your accounts, as this is the first step towards protection. You can also invest some time in learning to identify phishing schemes yourself so that you can act prudently. Finally, you can disable email auto-forwarding to make it harder for criminals to steal your information.