Microsoft has taken legal action against cybercriminals who exploited the COVID-19 pandemic in an attempt to defraud customers in 62 countries around the world.
The U.S. District Court for the Eastern District of Virginia has issued an order that allows Microsoft to seize control of key domains in the criminals’ infrastructure so that it can no longer be used to execute cyberattacks.
Microsoft’s Digital Crimes Unit (DCU) first observed these criminals in December 2019, when they deployed a sophisticated new phishing scheme designed to compromise Microsoft customer accounts.
The criminals attempted to gain access to customer email, contact lists, sensitive documents and other valuable information.
Recently, Microsoft observed renewed attempts by the same criminals, this time using COVID-19-related lures in the phishing emails to target victims.
This malicious activity is yet another form of business email compromise (BEC) attack, which has increased in complexity, sophistication and frequency in recent years, Microsoft said in a blog post.
According to the FBI’s 2019 Internet Crime Report, the most costly complaints received by its Internet Crime Complaint Center (IC3) involved BEC crimes, with losses of over $1.7 billion, representing nearly half of all financial losses due to cybercrime.
While most of the public’s attention in recent years has justifiably focused on the malign acts of nation state actors, the increasing economic harm caused by cybercriminals must also be considered and confronted by the public and private sectors.
Microsoft and its Digital Crimes Unit will continue to investigate and disrupt cybercriminals and will seek to work with law enforcement agencies around the world, whenever possible, to stop these crimes.
The cybercriminals recently changed their strategy, using COVID-19-related messages to exploit pandemic-related financial concerns and induce targeted victims to click on malicious links.
Once victims clicked on the deceptive links, they were ultimately prompted to grant access permissions to a malicious web application (web app) made to look like the familiar apps widely used in organizations to drive productivity. Unknown to the victim, these malicious web apps were controlled by the criminals, who, with fraudulently obtained permission, could access the victim’s Microsoft Office 365 account.
This scheme enabled unauthorized access without requiring victims to give up their login credentials at a fake website or similar interface, as they would in a more traditional phishing campaign.
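Because no password is stolen in this scheme, the trace it leaves is the consent grant itself, which defenders can audit. The sketch below is an added example, not code from Microsoft or the original article: the record fields mirror Microsoft Graph's oauth2PermissionGrant resource, while the sample grants, app IDs, allowlist and scope watch list are constructed assumptions.

```python
# Added example: review delegated OAuth consent grants for apps that hold
# access to mail, contacts or files without being on an approved list.
# Field names (clientId, consentType, principalId, scope) follow Microsoft
# Graph's oauth2PermissionGrant resource; every value below is constructed.

# Assumption: illustrative watch list covering the data types the article
# names (email, contact lists, documents).
SENSITIVE_PREFIXES = ("Mail.", "Contacts.", "Files.")

def risky_grants(grants, approved_client_ids):
    """Return grants to unapproved apps that carry sensitive delegated scopes."""
    findings = []
    for g in grants:
        if g["clientId"] in approved_client_ids:
            continue
        scopes = g.get("scope", "").split()  # Graph stores scopes space-separated
        sensitive = sorted(s for s in scopes if s.startswith(SENSITIVE_PREFIXES))
        if not sensitive:
            continue
        findings.append({
            "clientId": g["clientId"],
            "principalId": g.get("principalId"),
            # "Principal" means a single user consented; "AllPrincipals" is admin consent.
            "userConsented": g.get("consentType") == "Principal",
            "sensitiveScopes": sensitive,
            # offline_access lets the app keep access via refresh tokens.
            "persistent": "offline_access" in scopes,
        })
    # Triage order: user-consented and persistent grants first.
    findings.sort(key=lambda f: (not f["userConsented"], not f["persistent"], f["clientId"]))
    return findings

# Constructed sample data (hypothetical app and user identifiers).
SAMPLE_GRANTS = [
    {"clientId": "app-approved-crm", "consentType": "AllPrincipals",
     "principalId": None, "scope": "User.Read Mail.Send"},
    {"clientId": "app-unknown-0365", "consentType": "Principal",
     "principalId": "user-alice",
     "scope": "offline_access Mail.Read Contacts.Read Files.Read.All"},
    {"clientId": "app-unknown-cal", "consentType": "Principal",
     "principalId": "user-bob", "scope": "User.Read Calendars.Read"},
    {"clientId": "app-unknown-notes", "consentType": "AllPrincipals",
     "principalId": None, "scope": "Files.ReadWrite.All"},
]
APPROVED = {"app-approved-crm"}  # hypothetical allowlist of vetted apps

if __name__ == "__main__":
    for finding in risky_grants(SAMPLE_GRANTS, APPROVED):
        print(finding)
```

A flagged grant stays valid after a password reset, so remediation means revoking the grant and the app's tokens rather than only changing the user's credentials.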