More Microsoft 365 phishing attacks are using this dangerous new method - here’s what you need to know

Another legitimate service is being abused

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Modern-dayphishingmethods include abusing legitimate cloud services to bypass email security solutions and land a malicious email right into the victim’s inbox.

In this latest example, cybersecurity researchers from Trustwave found a threat actor abusingMicrosoft’s Rights Management Services (RMS) to deliver links to fake landing pages to their victims. The attacks are highly targeted and quite difficult to mitigate, the researchers are saying.

In the attack, the threat actors will use a previously stolen email account to send a message to their victim. The message will contain an attachment created using the RSM service, meaning it will be encrypted and will carry the .RPMSG extension. Microsoft designed RSM to offer an additional layer of protection for sensitive files, by forcing readers to first authenticate.

Stealing sensitive data

The authentication can be done either using the Microsoft account, or via a one-time passcode.

Once the users authenticate and be granted the ability to read the message, they’ll be redirected to a fake SharePoint document hosted onAdobe’s InDesign service. The document holds a “Click Here to View Document” call-to-action, which brings the users to an empty page with a “Loading” message. This is merely a distraction, while a malicious script siphons sensitive data in the background.

The data includes visitor ID, connect token and hash, video card renderer information, system language, device memory, hardware concurrency, installed browser plugins, browser window details, and OS architecture. Once this process is complete, the page will reload into a fake Microsoft 365 login form that steals the visitor’s login credentials and sends them to the attackers.

Dropbox wants to cut down on the number of apps you use at work>Microsoft is bringing AI to Microsoft 365>These are the best firewalls right now

“Educate your users on the nature of the threat, and not to attempt to decrypt or unlock unexpected messages from outside sources,” Trustwave said in its report.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“To help prevent Microsoft 365 accounts being compromised, enable Multi-Factor Authentication (MFA).”

Multi-factor authentication is not foolproof but does make the threat actors work a lot harder to gain access to their target’sendpoints. Given that it’s quite simple to set up, MFA is praised in the cybersecurity community and is considered the industry standard.

Via:BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

This super-cheap HP Victus 15 gaming laptop just dropped to its lowest price yet