Cybersecurity researchers at Microsoft are now warning its users of a brand new phishing campaign that hackers could use to steal information. The new phishing techniques redirect the victims to malicious URLs that could steal users' information.
Microsoft Cybersecurity Researchers
According to TechRadar, cybersecurity researchers over at Microsoft have just shared certain details regarding a comprehensive credential phishing campaign that reportedly uses open redirector links to be able to lure users into clicking. Legitimate sales as well as marketing campaigns most often rely on open redirects in order to track click rates and lead customers to certain landing pages.
Researchers warn that attackers could reportedly abuse open redirects in order to link to a URL in a certain trusted domain then embed the eventual final malicious URL as a new parameter. Such abuse could even prevent users as well as security solutions from being able to quickly recognize that the link would possibly be a malicious URL.
Attackers New Phishing Approach
While the abuse of open redirects isn't really a novel approach, the attackers within the current campaign could combine these particular links with social engineering tricks by impersonating certain popular tools and services in order to trick users to click on those fake malicious links.
3,300 companies were allegedly exposed due to a Microsoft Azure Cosmos DB database which is not the only vulnerability that Microsoft users have experienced in the past. Phishing campaigns have been going on for quite a while and is one of the oldest techniques hackers use to steal information.
Casual URLs to Look Like a Trustworthy Domain Name
Unraveling the details of the particular campaign, the researchers note that the links lead to not just one but actually several redirects. It even throws a Captcha verification page which is a bid to fool users into thinking that the page is actually above-board.
Once the users finally answer the Captcha, the attackers can then take them to another fake sign-in page of a certain legitimate service. Researchers also suggest that phishing attacks make use of other open redirects due to a casual inspection of the URL from an email client which will display a trustworthy domain name which encourages the users to click the particular link.
Researchers Warn of Getaway Solutions
The researchers reason that likewise, traditional email getaway solutions could inadvertently allow certain emails from this campaign to be able to pass through due to their settings being trained to help recognize the primary URL. This is without necessarily checking the particularly malicious parameters that are hiding in plain sight. Microsoft Exchange servers were just hacked by a brand new ransomware gang through the ProxyShells vulnerability.
Another particular aspect of the campaign that actually shows the commitment of the threat actors behind it, is that it usually relies on quite a huge number of domains. This includes at least 350 unique ones, which is yet another attempt to help evading detention.
Related Article: Apple CSAM Detection Tool a "Disaster-in-the-Making," Edward Snowden Says
This article is owned by Tech Times
Written by Urian B.