A phishing campaign is impersonating an IT help desk and abusing legitimate cloud services to fool users, according to Ax Sharma at BleepingComputer. The emails are sent from the professional-looking domain “servicedesk[.]com” and purport to be notifications informing users that several of their emails have been quarantined. The users are instructed to click a button in the email that says “RELEASE MESSAGES” in order to view these emails.
The button's link sends the user through a legitimate Microsoft Dynamics 365 URL, which redirects them to a phishing page hosted on an IBM Cloud domain. This page is customized to impersonate the user’s email login portal in an attempt to steal their credentials. After the user enters their credentials, they’ll be redirected to the real website associated with their email address.
“Using three well-known enterprise solutions like IBM Cloud hosting, Microsoft Azure, and Microsoft Dynamics to host the phishing landing pages adds legitimacy to the campaign,” Sharma explains. “This is especially true as domains hosted on Azure (windows.net) or IBM Cloud automatically get free SSL certificates that contain these companies' names, adding even more legitimacy.”
The attacker has also taken steps to increase the chances that a victim will enter their real password on the site.
“This landing page is designed with some degree of awareness on the attacker’s part as entering a ‘test’ password that is too weak will throw a ‘wrong password!!’ error,” Sharma writes. “Entering a password of decent length and complexity, perhaps once it matches the criteria set forth by IBM Cloud, will redirect the user to another fake page confirming the settings update hosted on Microsoft Azure’s hosting domain, windows.net.”
Sharma says this campaign demonstrates how attackers abuse legitimate infrastructure to bypass email security solutions.
“Phishing emails are an everyday nuisance for both business and personal email users but could lead to very dire consequences, including data theft and enterprise-wide ransomware attacks,” Sharma concludes. “Increasing cases of phishing campaigns abusing legitimate cloud infrastructure are on the rise as they add legitimacy to the phishing attacks and provide free SSL certificates. This increased complexity allows attackers to potentially bypass spam filters and security products, which leads to a greater need for sophisticated security systems in this never-ending game of cat and mouse.”
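A defender-side triage of the redirect pattern described above, as an added example that is not from BleepingComputer or this post: it takes the ordered URLs recorded when a link from an email is followed (for instance from a sandbox or proxy log) and flags the campaign's three traits. The suffix lists, function names and sample chains are assumptions constructed for illustration; only windows.net is named in the article.

```python
from urllib.parse import urlsplit

# Suffix lists are assumptions for this example. Only windows.net is named in
# the article; dynamics.com and appdomain.cloud are assumed stand-ins for the
# Dynamics 365 and IBM Cloud hosts it mentions.
REDIRECTOR_SUFFIXES = ("dynamics.com",)
SHARED_HOSTING_SUFFIXES = ("windows.net", "appdomain.cloud")

def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def on_suffix(host, suffixes):
    """True if host equals a suffix or is a subdomain of it (label-aligned)."""
    return any(host == s or host.endswith("." + s) for s in suffixes)

def triage_chain(recipient_domain, hops):
    """Return the campaign traits seen in one click's ordered list of URLs."""
    hosts = [host_of(u) for u in hops]
    findings = []
    if len(hosts) < 2:
        return findings  # no redirect happened, nothing to compare
    # Trait 1: the emailed link starts on a trusted service and leaves it.
    if on_suffix(hosts[0], REDIRECTOR_SUFFIXES) and hosts[0] != hosts[-1]:
        findings.append("redirector-entry")
    # Trait 2: a later hop is served from shared cloud hosting.
    shared = [h for h in hosts[1:] if on_suffix(h, SHARED_HOSTING_SUFFIXES)]
    if shared:
        findings.append("shared-hosting-hop")
    # Trait 3: after that hop the user is handed to their own domain's site.
    if shared and on_suffix(hosts[-1], (recipient_domain.lower(),)):
        findings.append("handoff-to-recipient-site")
    return findings

def is_suspicious(findings):
    """Shared hosting alone is common; require it plus one more trait."""
    return "shared-hosting-hop" in findings and len(findings) >= 2

# Constructed sample chains (not taken from the campaign).
PHISH_CHAIN = [
    "https://tenant.example.dynamics.com/r?id=1",
    "https://bucket.example.appdomain.cloud/login.html",
    "https://acct.example.windows.net/updated.html",
    "https://www.example.org/",
]
BENIGN_CHAIN = [
    "https://tenant.example.dynamics.com/r?id=2",
    "https://www.vendor.example/news",
]
```

Because the check keys on the shape of the chain rather than on any single domain's reputation, it still fires when every hop carries a valid certificate from a well-known provider.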
New-school security awareness training can help your employees avoid falling for the phishing emails that slip through your technical defenses.
BleepingComputer has the story.