Office 365 Phishing Campaign Exploits Servers

by | Dec 11, 2022

The use of Office 365 in the business sector has grown significantly in the last few years. Its success has attracted the attention of cybercriminals, who deliberately run phishing campaigns targeting the platform. As 90 percent of cyber-attacks begin with a phishing campaign, Office 365 is an enticing target for threat actors seeking to circumvent the security solutions that are continuously being deployed.

Office 365 phishing campaign exposed

An apparently unimaginative Office 365 phishing campaign recently caught our attention. The attackers abused an Adobe Campaign redirection mechanism, using a Samsung domain to redirect victims to an Office 365-themed phishing website. The attackers benefit from the fact that protection software does not block access to a reputable domain such as Samsung's.

The attackers also compromised several websites and inserted a script that imitates the mechanism offered by the Adobe redirection service, which let them extend their operation. Further research revealed that the actors behind the campaign introduced a few other interesting techniques to conceal the phishing kit at each stage of the attack and avoid detection. This report summarises what we learned about this Office 365 phishing campaign, which used trusted infrastructure to enable a new attack.

Neither Adobe nor Samsung was affected in the sense of a flaw being exploited. Samsung's Adobe Campaign server was left open to handle campaigns that were not actually part of the organization's marketing activities.

A redirection function sends users to a destination specified in the URL they just clicked. For example, this lets campaign managers measure and track ongoing promotional activities by logging each visit before redirecting the user to an ad page.

Oxford’s Hijacked E-mail Server

In early April 2020, researchers began observing emails sent to victims titled "Office 365 Voice Mail". The emails claimed that an incoming voice message was waiting in the victim's voice portal and encouraged users to click a button that would allegedly take them to their Office 365 account for further action. After clicking the button, victims were redirected to a phishing page masquerading as the Office 365 login page.

Most of the emails came from multiple generated addresses belonging to legitimate subdomains of various University of Oxford departments. The email headers indicate that the attackers found a way to abuse one of Oxford's SMTP (Simple Mail Transfer Protocol) servers, an application whose main purpose is to send, receive, and/or relay outgoing mail between email senders and receivers. Using legitimate Oxford SMTP servers allowed the attackers to pass the reputation check required by sender-domain security measures.

Samsung’s Trusted URL redirects

During the past year, phishing campaigns used Google and Adobe open redirects to add credibility to the URLs used in spam emails. An open redirect is a URL on a website that anybody can use to redirect users to a location of their choosing. In this case, the links in the email pointed to an Adobe server previously used by Samsung during a marketing campaign for Cyber Monday 2018. In other words, the link embedded in the original phishing email is part of the trusted Samsung domain stem, one that unknowingly redirects victims to an attacker-hosted website. By using the same Adobe Campaign link format and the legitimate domain, the attackers improved the email's chances of getting past email protection solutions based on reputation, blacklists, and URL patterns.
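A defender-side check for the pattern described above, as an added example that is not part of the original report: it flags links whose host is on a reputation allowlist while a query parameter carries an off-site destination. The domain names, the `dest` parameter and the `TRUSTED_DOMAINS` allowlist are constructed assumptions, not values from the campaign.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: domains a mail filter treats as reputable (constructed value).
TRUSTED_DOMAINS = {"brand.example"}


def _host(url):
    """Lower-cased hostname of an http(s) or scheme-relative URL, else None."""
    if url.startswith("//"):
        url = "https:" + url
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return None
    if parts.scheme in ("http", "https") and parts.hostname:
        return parts.hostname.lower().rstrip(".")
    return None


def _trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def embedded_targets(url, max_decode=3):
    """Yield (parameter, target_url) for query values that are themselves URLs.

    Values are percent-decoded up to max_decode extra times, because a
    destination may be double-encoded to slip past URL pattern matching.
    """
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        candidate = value.strip()
        for _ in range(max_decode + 1):
            if _host(candidate):
                yield name, candidate
                break
            decoded = unquote(candidate)
            if decoded == candidate:
                break
            candidate = decoded


def check_link(url):
    """Findings for a link on a trusted host that forwards to an untrusted one."""
    outer = _host(url)
    if outer is None or not _trusted(outer):
        return []
    return [
        {"link_host": outer, "parameter": name, "target_host": _host(target)}
        for name, target in embedded_targets(url)
        if not _trusted(_host(target))
    ]
```

This is static analysis only: it sees destinations carried in the clicked URL, so later hops in a redirect chain still need URL detonation or click-time scanning.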

To protect yourself against phishing attacks on Office 365 and other cloud services, Bitsys Technologies offers three tips:

  1. Use different passwords for each cloud application. Segregation protects your other assets when one is exposed.
  2. Use protection tools for cloud and email. The fact that these campaigns succeed means that native protection is easy to circumvent. Use protection solutions for cloud and email to remove threats to your email and secure your cloud infrastructure.
  3. Don't enter your credentials if you weren't planning to. It's always fraud in disguise.

Conclusion

The attackers in this Office 365 phishing campaign used multiple mechanisms at each stage to bypass security solutions.

  1. Using an Oxford email server to send spam allows them to get past sender reputation filters and to use generated email addresses instead of compromised real accounts.
  2. Links inside the email point to a reputable Samsung-owned domain.
  3. A series of redirects leads to a phishing website that is absolutely bogged down.

During the short campaign period, the attackers continuously developed and enhanced the redirection system to make it independent of a specific domain and of the Adobe Campaign servers.

The only way to protect what you’ve worked hard to build is to be vigilant when it comes to cybersecurity. If you’d like to know more about how your business can benefit from managed services, just give us a call, we are here to help.
