McAfee’s threat research team published new research on an investigation made into a malicious email campaign found to be targeting Microsoft Office 365 users in the tourism and entertainment industries, as well as financial, IT services and more.
Malware campaigns have been rife this year with incidents taking place one after another. Just last week, the ACSC issued a national alert warning of a widespread malware campaign linked to a recent attack on regional hospitals and health services.
With cyberattacks becoming increasingly complex, targeting industries beyond the private sector and through mediums beyond the traditional email, is it time to consider a reassessment of security measures for the industry wide?
The details of the campaign include:
- The cybercriminals behind the operation used fake voicemail messages as their lure – after clicking on the file, users would hear someone say “hello” before the audio was cut by a prompt to enter their email credentials to listen to the full clip.
- Moreover, not just one, but three different malicious kits were used as part of this campaign – demonstrating an active focus on cloud platforms like Microsoft 365
- The cybercriminals went to great lengths to make their malicious motives undetectable: once victims enter their password, the user is presented with a successful login page and redirected to the office.com login page