In the war against phishing, Microsoft’s latest strategy involves creating fake tenants on its Azure platform to lure attackers into decoy environments. Ross Bevington, one of Microsoft’s top security engineers, gave insights into this system at the BSides Exeter conference. The honeypot network tricks hackers into engaging with these phony accounts for weeks, wasting their time and gathering vital intelligence on their tactics.
Phishers trying to break into what they think are legitimate accounts are in fact walking into traps. Microsoft has turned entire Azure tenant environments into realistic-looking setups, filled with false internal communications and activity. This tactic buys defenders more time and lets Microsoft understand the way cybercriminals operate in real-time.
While Microsoft’s honeypots and decoy tenants are an important tool in defending against phishing, they are just one part of a much bigger challenge. With AI enabling cybercriminals to scale their attacks faster and more effectively, and vulnerabilities still lurking in Microsoft’s own systems, the battle against phishing is far from over.
Security Loophole in Microsoft 365 Anti-Phishing Tool Raises Concerns
But while the company is running these clever operations on one front, it’s also facing challenges on another. A flaw found back in August in Microsoft 365’s anti-phishing feature shows that attackers are getting smarter too. Researchers discovered that they could easily manipulate the HTML in emails to hide the ‘First Contact Safety Tip’ feature using CSS. This feature is supposed to warn users when they receive emails from unknown senders, but hackers found a way to make the alert disappear.
The glitch was found in Microsoft Outlook’s warning system, allowing attackers to tweak the appearance of their emails and trick recipients into thinking the message was safe. Researchers shared the issue with Microsoft, but the company didn’t rush to fix it, marking the problem for a future update.
QR Code Phishing Hits Microsoft Sway Users
August didn’t just bring one issue for Microsoft—it also marked a massive increase in phishing attempts using Microsoft Sway, an online presentation tool. According to Netskope Threat Labs, QR code phishing attacks linked to Sway spiked by 2,000% last August. Sectors like tech and finance in North America and Asia were among the hardest hit.
These phishing emails tricked users into scanning QR codes that redirected them to malicious websites, primarily targeting mobile devices that typically lack the same level of security as desktops. By embedding URLs in QR codes, the attackers were able to bypass many email scanning tools, allowing their phishing emails to slip through undetected.
AI-Driven Phishing Attacks on the Rise
Microsoft’s October 2024 report revealed that cybercriminals are now using artificial intelligence to supercharge their phishing operations. Every day, over 600 million cyberattacks occur, many of which are powered by AI tools that can automate complex phishing strategies. These aren’t just random criminals either—nation-state hackers from countries like Russia and North Korea have jumped on the AI bandwagon, using it to refine their operations.
The rise of AI in cyberattacks is making things harder for defenders, who now have to deal with faster and more convincing phishing schemes. Microsoft has noticed attackers using AI to generate phishing emails that look nearly identical to legitimate ones, making it harder for users to spot the difference. The use of AI has also enabled hackers to crack multi-factor authentication systems, putting even more pressure on security measures.
Last Updated on November 7, 2024 2:23 pm CET
