Increased Office 365 Cyber Phishing Attacks Related to COVID-19
I. Targeted Industries
- Higher Education
- Financial Services
- Independent Companies
II. IntroductionWith the transition to remote work and online learning, institutions of higher education, companies across the nation, and governmental organizations have an increased risk of phishing scams. As reported by Recorded Future, the last two months have shown an increase of cyberattacks, wherein COVID-19 is used as a phishing lure1. Attackers are sending spoofed emails, that mimic Office 365 services, prompting users to click links and enter their credentials, allowing attackers access to their systems. Most recently, an attacker created an email that appeared to be from a university’s health team with a URL link that mimicked an Office 365 login page and prompted users to login.2
III. Background InformationOffice 365 phishing attacks are an ongoing threat. Phishing attacks aimed at Office 365 users are delivered in a well-designed, spoof page that mimics the service. Attackers have also replicated Microsoft’s login page, which will prompt users to login with their credentials and allow attackers to access their accounts, allowing them to obtain PII, as well as access all systems and applications linked to those credentials. Emails sent out may resemble those sent out by the organization, prompting users to click on links to check for COVID-19 pandemic updates. The links provided lead to an Office 365 or OneDrive account, which prompts users to log in.3,4 With the current transition to online learning and remote work, students and employees must be aware of these threats. Users should stay informed regarding the cyber threats they are likely to encounter while working and learning remotely.
- Implement Multifactor Authentication in O365 Multifactor authentication adds an extra layer of security when a user logs in and provides alerts when someone is trying to use their credentials. Recommended links: For IT administrators: https://docs.microsoft.com/en-us/microsoft-365/admin/security-andcompliance/set-up-multi-factor-authentication?view=o365-worldwideFor end-users: https://support.office.com/en-us/article/set-up-2-step-verification-for-office-365-ace1d096-61e5-449b-a875-58eb3d74de14
- Utilize a Password Manager Password managers allow users to encrypt and store passwords for various accounts. This prevents credential theft from being too damaging by enabling an easy user experience for assuring strong, unique passwords across multiple user accounts. More information: https://www.cnet.com/news/best-password-managers-for-2020/
- Reinforce Cybersecurity Awareness with End-Users As individuals transition to remote work environments, now would be a good time to reinforce several key elements of cybersecurity awareness. Specifically:
- Phishing Awareness Training Organizations should provide end users with additional education pertaining to the increased threat of phishing attacks. Recommended link: https://www.us-cert.gov/ncas/tips/ST04-014
- Safe Browsing Techniques Users should be educated on safe browsing techniques to ensure they are conscious of anything malicious they may come in contact with. Similar to phishing awareness training, this is a good time to remind users of safe browsing techniques.Recommended link: https://www.us-cert.gov/ncas/tips/ST07-001
- Support Channel Emphasize the importance of users contacting support directly if anything seems suspicious about the services provided—preferably before clicking on suspicious links. Provide employees with contact methods to reach out to your organization’s support.
- Virtual Private Network (VPN) Employees should be encouraged to use the virtual private network provided by their organization.
- Anti-Phishing Policies Office 365 ATP anti-phishing policies can protect universities and private institutions to ensure threats are stopped before they begin targeting individuals. Suggested Article: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-worldwide
V. Indicators of Compromise (IOCs)Some email systems block files. You can visit the link below to download the identified IOC’s related to this Threat Advisory Report. https://usf.box.com/s/fkvosr24c4abwerv9qfwqxso17kstjnp
VI. References/FootnotesBest, Lonnie (October 28, 2019). “Phishing Attack: How Attackers Harvest Microsoft 365 Credentials.” Rapid7 Blog. https://blog.rapid7.com/2019/08/20/how-attackers-can-harvest-usersmicrosoft-365-credentials-with-new-phishing-campaign/ 1“Capitalizing on Coronavirus Panic, Threat Actors Target Victims Worldwide.” Recorded Future. March 12, 2020. https://www.recordedfuture.com/coronavirus-panic-exploit/. Howes, Eric (Accessed March 18, 2020). “Heads-Up: Malicious Actors Want to Join Your Team!” Blog. https://blog.knowbe4.com/heads-up-malicious-actors-want-to-join-your-team 2“Abnormal Attack Stories #6: Coronavirus Credential Theft.” Abnormal Security. March 13, 2020. https://abnormalsecurity.com/blog/abnormal-attack-stories-6-coronavirus-credential-theft/. 3Goodin, Dan. “The Internet Is Drowning in COVID-19-Related Malware and Phishing Scams.” Ars Technica. March 16, 2020. https://arstechnica.com/information-technology/2020/03/the-internet-isdrowning-in-covid-19-related-malware-and-phishing-scams/. 4Castillo, Amanda del. “Coronavirus: Cybercriminals Profit off COVID-19 Fears; Here Are Ways to Secure Your Information and Connection.” ABC7 San Francisco, March 19, 2020. https://abc7news.com/6026745/. 5“Securing Office 365 against the Latest Threats.” Redscan, March 18, 2020. https://www.redscan.com/news/securing-office-365/.
This content is made available by the Florida Center for Cybersecurity for general educational purposes only and should not be used in lieu of obtaining competent legal advice from a licensed attorney and/or cybersecurity professional with the sufficient expertise necessary to address your organization’s specific needs. Use of this site does not create any special or fiduciary relationship between you and the Florida Center for Cybersecurity or the University of South Florida.