Microsoft has taken legal action to bring down a sophisticated cyber fraud scheme that targeted CEOs in more than 60 countries around the world.
Microsoft Corporate Vice President for Customer Security and Trust, Tom Burt, wrote about the sophisticated COVID-19-themed global fraud syndicate and the tech giant’s efforts to squash it, culminating with the US District Court for the Eastern District of Virginia allowing the company to seize control of “key domains in the criminals’ infrastructure”, preventing the group from continuing its cyberattack campaigns.
The scheme involved the hackers trying to trick businesses, specifically high-level executives, into sending large sums of money to the attackers under the guise of sending it to a trusted party.
The attacks were undertaken by the same group behind a “sophisticated phishing scheme designed to compromise Microsoft customer accounts” in December last year, accessing customer emails, contact lists and sensitive documents.
Microsoft was able to block this activity and disable the malicious fake app used by the group.
But the group re-emerged in recent months, this time using the COVID-19 pandemic to lure unsuspecting businesses into their trap with phishing emails.
The widespread attack was a form of business email compromise attack, Burt said.
“These cybercriminals designed the phishing emails to look like they originated from an employer or other trusted source and frequently targeted business leaders across a variety of industries, attempting to compromise accounts, steal information and redirect wire transfers,” Burt said in a blog post.
“When the group first began carrying out this scheme, the phishing emails contained deceptive messages associated with generic business activities.”
The more recent efforts exploited coronavirus-related financial issues to try to lure the victims, with links such as “COVID-19 bonus”.
If the target clicked on this link, they would be prompted to grant access permissions to the attackers’ malicious web app. If this prompt was agreed to, the criminals could then access the victim’s Office 365 account.
“This scheme enabled unauthorised access without explicitly requiring the victims to directly give up their login credentials at a fake website or similar interface, as they would in a more traditional phishing campaign,” Burt said.
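An added example, not from Microsoft or this article: a defender-side triage of email links that lead to a Microsoft identity platform consent prompt of the kind described above, flagging unknown apps that request mailbox, contact or file access. The host list, the high-risk scope list, the approved-app allowlist and every sample URL are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: hosts that serve the Microsoft identity platform consent prompt.
CONSENT_HOSTS = {"login.microsoftonline.com", "login.windows.net"}
# Assumption: delegated scopes covering mail, contacts, files and long-lived access.
HIGH_RISK = {"mail.read", "mail.readwrite", "mail.send", "contacts.read",
             "files.read.all", "files.readwrite.all", "offline_access"}

def triage_link(url, approved_client_ids):
    """Return a finding for an OAuth consent link, or None for any other link."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host not in CONSENT_HOSTS or not parts.path.lower().endswith("/authorize"):
        return None
    query = {k.lower(): v[0] for k, v in parse_qs(parts.query).items()}
    client_id = query.get("client_id", "").lower()
    # Scopes may be fully qualified, e.g. https://graph.microsoft.com/Mail.Read
    scopes = {s.rsplit("/", 1)[-1].lower() for s in query.get("scope", "").split()}
    risky = sorted(scopes & HIGH_RISK)
    unknown = client_id not in approved_client_ids
    return {
        "client_id": client_id,
        # Where the authorization code is sent once the user consents.
        "redirect_host": (urlsplit(query.get("redirect_uri", "")).hostname or "").lower(),
        "risky_scopes": risky,
        "unknown_app": unknown,
        # The sign-in page is genuine, so the decision rests on app and scopes.
        "quarantine": unknown and bool(risky),
    }

# Constructed sample data: placeholder app IDs and reserved example domains.
APPROVED = {"22222222-2222-2222-2222-222222222222"}
BASE = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
SAMPLE_LINKS = [
    BASE + "?client_id=11111111-1111-1111-1111-111111111111&response_type=code"
           "&redirect_uri=https%3A%2F%2Fbonus.example.invalid%2Fcb"
           "&scope=Mail.Read+Contacts.Read+Files.Read.All+offline_access",
    BASE + "?client_id=22222222-2222-2222-2222-222222222222&response_type=code"
           "&redirect_uri=https%3A%2F%2Fcrm.example.com%2Fcb&scope=openid+profile",
    "https://intranet.example.com/covid-19-bonus",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(triage_link(link, APPROVED))
```

Because the prompt is served from a legitimate sign-in host, domain reputation alone does not catch these links; the app ID and requested scopes are what distinguish them.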
The legal action taken by Microsoft means the main domains used by the attackers have been shut down.
“This unique civil case against COVID-19-themed business email compromise attack has allowed us to proactively disable key domains that are part of the criminals’ malicious infrastructure, which is a critical step in protecting our customers,” Burt said.
There has been a huge jump in COVID-19-related online scams, with the Australian Cyber Security Centre reporting in April that two Australians per day were falling victim to the malicious tactic.
The ACSC said there has been a “significant increase in Australians being targeted with COVID-19 themed scams, fraud attempts and deceptive email schemes”, with reports of more than 95 cybercrimes in a month from 10 March.
“Cybercrime actors are pivoting their online criminal methods to take advantage of the COVID-19 pandemic,” the ACSC said in an alert.
“These scams have continued to increase over the past month and the ACSC strongly encourages organisations and individuals to remain alert and follow advice on how to protect yourself and your business.”
A global hacker society has also recently united to help protect healthcare organisations from cyberattacks.
By the end of May, the group had identified and lodged takedown notices for nearly 3,000 cybercriminal domains, including 17 domains trying to emulate government bodies such as the World Health Organisation and the United Nations.
The group also identified more than 2,000 vulnerabilities in healthcare institutions that could have been exploited by malicious hackers.