VIP Impersonation Phishing Attack in Microsoft Office 365 targeted 100,000 Users

Author: Alec Davison

Created: Tuesday, December 27, 2022 - 20:22

Categories: Cybersecurity

Security researchers at Armorblox recently published a report on a phishing impersonation attack in a Microsoft Office 365 environment that targeted 100,000 mailboxes at a large educational institution. The researchers were able to thwart the attack by using Natural Language Understanding, a type of artificial intelligence.

In the attack, threat actors spoofed the emails of two high-level directors, including an email signature with each director’s full name, credentials, and title at the organization. The threat actors then attempted to send the fraudulent email to 100,000 end users in the organization. The email subject and content sought to create a sense of trust and urgency in the victims, with the attackers claiming in an “Urgent request” that a confidential task needed to be completed. The likely end goal of the attackers was to obtain confidential business information and employee credentials and to make a request for financial data or activity, such as wire transfers.

The email attack had a socially engineered payload, using language as the main attack vector to bypass Microsoft Office 365 email security controls. In addition, the threat actor used a trusted email domain, only altering the sender’s name and email signature to align with the employee being impersonated.

Water and wastewater systems of all sizes continue to experience impersonation-style phishing attacks such as Business Email Compromise (BEC), and specifically Vendor Email Compromise (VEC). To defend against this activity, members should conduct frequent security awareness training. Awareness training helps cybersecurity professionals better manage human risk by altering how employees think about cybersecurity and teaching them to carefully consider their behaviors. Read more at SC Media.
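A defender-side check for the pattern described above, where only the sender's display name and signature are changed: compare the From display name against a directory of protected senders and hold any message whose address differs. This is an added example, not code from Armorblox or WaterISAC; the directory, the addresses, the urgency keyword list, and the verdict names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed directory of protected senders: display name -> the one address that
# person really sends from. All names and addresses here are constructed.
VIPS = {
    "jordan avery": "javery@district.example",
    "morgan reyes": "mreyes@district.example",
}
URGENCY = re.compile(r"\b(urgent|confidential|immediately|asap)\b", re.I)

def normalize(name):
    """Drop credentials after a comma, lower-case, strip punctuation."""
    return " ".join(re.sub(r"[^a-z ]", " ", name.split(",")[0].lower()).split())

def assess(raw):
    """Return the impersonation signals found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    body = "" if msg.is_multipart() else msg.get_payload()
    signals = []
    expected = VIPS.get(normalize(display))
    if expected and addr.lower() != expected:
        signals.append("vip_display_name_mismatch")
    if URGENCY.search(msg.get("Subject", "") + "\n" + body):
        signals.append("urgency_language")
    return signals

def verdict(raw):
    """Hold on the name/address mismatch; urgency only raises the priority."""
    signals = assess(raw)
    if "vip_display_name_mismatch" not in signals:
        return "deliver"
    return "quarantine" if "urgency_language" in signals else "review"

# Constructed sample messages.
SPOOFED = (
    'From: "Jordan Avery, PhD" <jordan.avery.office@mail.example>\n'
    "Subject: Urgent request\n\n"
    "I need a confidential task completed today.\n\n"
    "Jordan Avery, PhD\nDirector of Operations\n"
)
GENUINE = (
    'From: "Jordan Avery" <javery@district.example>\n'
    "Subject: Urgent request: budget review\n\n"
    "Please send the draft by Friday.\n"
)

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, assess(raw), verdict(raw))
```

Urgent wording alone does not hold a message, so the director's genuine "Urgent request" is still delivered; the name-to-address mismatch is what triggers the hold.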
