Cybercriminals are preying on people’s fear during the COVID-19 pandemic to steal sensitive information and spread malware for profit.
“Customers are asking us what Microsoft is doing to help protect them from these types of attacks, and what they can do to better protect themselves,” Microsoft’s Tanmay Ganacharya writes. We thought this would be a useful time to recap how our automated detection and signal-sharing works to protect customers (with a specific recent example) as well as share some best practices you can use personally to stay safe from phishing attempts.”
According to Microsoft, 91 percent of all cyberattacks originate in email. And on that note, Microsoft’s email services provide what the company calls a “multi-layered defense system” that will hopefully shut down email attacks quickly.
“An interesting example of this in action occurred earlier this month, when an attacker launched a spear-phishing campaign that lasted less than 30 minutes,” Ganacharya explains. “Attackers crafted an email designed to look like a legitimate supply chain risk report for food coloring additives with an update based on disruptions due to coronavirus. The attachment, however, was malicious and delivered a sophisticated, multi-layer payload based on the Lokibot trojan.”
Had this attack been successful, hackers could have stolen personal information from the victims, including credentials that could have been used for further attacks. But no customers were impacted by the attack, Microsoft says.
As far as what you can do, Microsoft has a few ideas:
You should check out the original Microsoft post for more detailed information.
There are no conversations