ATTACKERS VERIFY O365 CREDENTIALS ON AZURE AD

by AZURE SECURITY NEWS EDITOR
December 22, 2020

Attackers are cross-checking stolen Office 365 credentials on Azure Active Directory in real-time after victims type them into a malicious phishing page.

When users enter their Office 365 credentials into a phishing page, the malicious page makes a call to the Office 365 API to instantly verify the credentials against the organization’s Azure Active Directory infrastructure, Armorblox researchers said. Authentication APIs are commonly used by applications and servers to access certain types of user data. The attackers are cross-checking credentials in real-time and accessing the account before the victim even realizes something went wrong and takes steps to fix the situation.

“This immediate feedback allows the attacker to respond intelligently during the attack,” Armorblox wrote.

If the verification is successful, the user is redirected to zoom.com, the videoconferencing site. If the entered credentials are incorrect, the victim is redirected to login.microsoftonline.com, potentially to hide the attempt to steal credentials: a user who mistyped a password would not be alarmed or suspect a phishing attack. If the entered password text is empty or too short, the user is forced to reenter the values.

“Our threat researchers verified the real-time nature of the site by updating the script with a test login and a dummy password and saw a failed login attempt from Provo, Utah in the Azure Active Directory Sign-In portal,” the researchers said.

The phishing scams are likely targeted and not spray and pray

There is no special vulnerability being exploited here—the attackers are just being very creative about how they are using the APIs.

Armorblox analyzed a campaign in which the victim, a senior executive at a large enterprise company, received a message containing a file designed to look like a payment remittance report. When the victim tried to open the file attachment, the victim saw a page resembling the organization’s Office 365 sign-in page with a message, “Because you’re accessing sensitive info, you need to verify your password.” The phishing messages were sent using Amazon Simple Email Service to bypass DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) checks on the mail server.

Armorblox researchers concluded this was part of a very targeted spear-phishing campaign, as the phishing page used the correct domain name. The enterprise had recently changed domains so that the email address and Active Directory used different domain names. The attackers were aware of the change, leading researchers to believe the attackers had put in some effort researching the organization and the executive. The attack page also appears to not have been used all that often, suggesting that attackers are very careful about which individuals they are targeting.

“Our estimates show there have been 120 odd visits to this website globally since the beginning of June. The sparse number shows that the phishing scams are likely targeted and not spray and pray,” Armorblox said.

This was not a fly-by-night, amateur operation. The phishing email was generated via a customizable toolkit. The kit itself appeared to be well-written with thorough code comments with instructions on how to customize the kit to point to a specific target, Armorblox said. It was also global.

Remediation will need to be “thorough.”

The attacker “customized a Malay language toolkit to attack an executive based in southwest United States using a domain registered in Singapore that’s hosted in the northwest United States by a hosting company based out of India,” Armorblox said.

Attackers typically make the effort to steal Office 365 credentials because those usernames and passwords may be protecting more than just documents and other files. The organization may be relying on those usernames and passwords to handle authentication for its network environment. If attackers get their hands on legitimate Office 365 credentials, they also have access to all the sites integrated into Active Directory federated with Azure.

“The attacker is also immediately aware of a live compromised credential and allows him to potentially ingratiate himself into the compromised account before any remediation,” Armorblox said.

Remediation in this case will need to be “thorough,” Armorblox said. Administrators will need to look at all outbound emails that have been sent, check to see what kind of changes have been made to accounts (such as auto-forwarding messages to an external mailbox), and review any third-party apps that have been granted access to Office 365. Administrators will also need to go over all activity across all Office 365 properties, such as Word, Excel, and OneDrive.
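The review steps listed above, sketched as an added example (not code from Armorblox or the original article): a triage pass over exported audit records for one compromised account, flagging external auto-forwarding, third-party app consent, and outbound mail after the suspected compromise time. The record layout and operation names are modelled on the Office 365 unified audit log and are assumptions about the export; the sample data and the `triage` and `external_targets` helpers are constructed for illustration.

```python
import json
from datetime import datetime

# Parameter and operation names assumed to appear in the tenant's audit export.
FORWARD_PARAMS = {"ForwardTo", "RedirectTo", "ForwardAsAttachmentTo",
                  "ForwardingSmtpAddress"}
RULE_OPS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}

# Constructed sample records, not real tenant data.
SAMPLE_AUDIT = json.loads("""[
 {"CreationTime":"2020-11-30T09:00:00","UserId":"exec@example.com","Operation":"Send","Subject":"Weekly report"},
 {"CreationTime":"2020-12-01T17:05:40","UserId":"exec@example.com","Operation":"New-InboxRule","Parameters":[{"Name":"ForwardTo","Value":"drop@mailbox.invalid"}]},
 {"CreationTime":"2020-12-01T17:06:10","UserId":"exec@example.com","Operation":"Set-Mailbox","Parameters":[{"Name":"ForwardingSmtpAddress","Value":"smtp:assistant@example.com"}]},
 {"CreationTime":"2020-12-01T17:09:02","UserId":"exec@example.com","Operation":"Consent to application.","ObjectId":"constructed-app-id"},
 {"CreationTime":"2020-12-01T17:12:30","UserId":"exec@example.com","Operation":"Send","Subject":"Updated wire details"},
 {"CreationTime":"2020-12-01T17:20:00","UserId":"other@example.com","Operation":"New-InboxRule","Parameters":[{"Name":"ForwardTo","Value":"x@mailbox.invalid"}]}
]""")

def external_targets(params, internal_domains):
    """Return forwarding targets whose domain is not one of the organization's."""
    found = []
    for p in params:
        if p.get("Name") not in FORWARD_PARAMS:
            continue
        for addr in p.get("Value", "").split(";"):
            addr = addr.strip()
            if addr.lower().startswith("smtp:"):
                addr = addr[5:]
            # A value without "@" (e.g. a display name) cannot be confirmed
            # as internal, so it is reported as well.
            domain = addr.rpartition("@")[2].lower()
            if addr and domain not in internal_domains:
                found.append(addr)
    return found

def triage(records, user, since, internal_domains):
    """List (category, time, detail) findings for `user` at or after `since`."""
    findings = []
    for r in records:
        when = datetime.fromisoformat(r["CreationTime"])
        if r.get("UserId", "").lower() != user.lower() or when < since:
            continue
        op = r.get("Operation", "")
        if op in RULE_OPS:
            for addr in external_targets(r.get("Parameters", []), internal_domains):
                findings.append(("external-forwarding", r["CreationTime"], addr))
        elif op.startswith("Consent to application"):
            findings.append(("app-consent", r["CreationTime"], r.get("ObjectId", "?")))
        elif op == "Send":
            findings.append(("outbound-mail", r["CreationTime"], r.get("Subject", "?")))
    return sorted(findings, key=lambda f: f[1])

if __name__ == "__main__":
    for f in triage(SAMPLE_AUDIT, "exec@example.com",
                    datetime(2020, 12, 1, 17, 0, 0), {"example.com"}):
        print(*f, sep="  ")
```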

Organizations need to think about how they protect Office 365 users, since they are highly attractive targets and vulnerable to attack. Compromising Office 365 credentials isn’t an attack technique exclusive to phishing groups. Microsoft researchers believe Russia-linked threat group APT28 is using password-spraying and brute-force to harvest Office 365 credentials belonging to organizations in the United States and United Kingdom directly involved in elections.

APT28 is likely targeting Office 365 in order to be able to move laterally through organization networks or mount espionage campaigns. Microsoft said APT28 unsuccessfully targeted nearly 7,000 Office 365 accounts across 28 organizations between Aug. 18 and Sept. 3.

Reference: https://duo.com/decipher/attackers-verify-o365-credentials-on-azure-ad
