
New two-phase phishing campaign exploits Microsoft tools to the detriment of users: how to defend yourself

A new phishing campaign, sophisticated and devious, is alarming cybersecurity experts. Attackers exploit Microsoft tools such as Visio and SharePoint to orchestrate a two-phase attack designed to steal user credentials, all with impressive effectiveness. The technique relies on sending victims apparently harmless files which, once opened, redirect them to the pages where the phishing actually takes place. These sites imitate Microsoft 365 login portals, tricking users into providing their credentials. The layered nature of this attack allows it to evade many traditional security systems by exploiting the trust that users usually place in official platforms, which are generally considered reliable. Understanding how this type of scam works and taking the necessary countermeasures is essential to protecting your data.

How the two-stage phishing campaign works

Let’s look in more detail at how the two-phase phishing campaign that is worrying cybersecurity experts works.

Specifically, the attackers use files with the .vsdx extension, the format of Microsoft Visio, a tool often used to create professional diagrams. While Visio files have rarely been used in previous phishing campaigns, attackers have now turned them into a means of hiding malicious URLs. These files are shared via emails that appear to come from reliable sources, such as colleagues or business partners. To increase credibility, attackers often compromise real accounts to send these messages, thus bypassing authentication checks and leading their potential victims (and, by extension, their computer systems) to consider them safe.

Once the attached Visio file is opened, the user is prompted to click the “View document” button while holding down the Ctrl key, a manual step that allows the attack to bypass automated security systems. At this point, the user is directed to a phishing page that closely replicates the Microsoft 365 login interface. By entering credentials there, the user loses access to the account, which then becomes usable by cybercriminals to perpetrate further attacks.

The attack also makes use of Microsoft SharePoint, software developed by the Redmond giant that allows the creation and distribution of websites used mainly for business purposes (but which can also be published online if desired). Here attackers host malicious files, making it even more difficult for security systems to recognize the deception. By embedding .eml files or URLs inside emails and documents, attackers exploit the reputation of Microsoft platforms to bypass virtually any security check.

In the screenshot, the .eml file contains a URL that leads to a malicious file hosted on SharePoint. Credit: Perception Point.

How to protect yourself from phishing campaigns on Microsoft 365

If you’re wondering how to defend yourself from the two-phase phishing campaign, know that, as the experts at Perception Point suggest, it is fundamental to adopt advanced cybersecurity solutions. This is especially true if you use Microsoft software in a corporate environment, since that is the “terrain” in which the attack developed and spread.

Experts particularly recommend the use of dynamic URL detection systems, which analyze links in real time to identify malicious ones. Other effective measures include the implementation of suspicious file detection models and the adoption of stronger authentication to limit the impact of compromised accounts. Furthermore, the education of company personnel in avoiding cyber threats should not be underestimated: although it may involve a considerable expense, it is essential to prevent cybercriminals from intruding into company systems.