A large phishing campaign targeting Office 365 has been identified by Microsoft. The attack combines detection-evasion tricks with social engineering to get a foothold in corporate networks. Since this campaign targets enterprises, it is important for businesses to understand how the attack works and why ordinary security checkpoints fail to detect it.
The attackers use a credential-stealing technique built on redirector URLs. The redirector fingerprints the source of each incoming connection, so the redirect to the phishing page only fires for real users. If the connection looks like a security check (for example, a request from a sandbox environment), the redirect does not fire and the connection is sent to the legitimate website instead.
With this detection-evasion mechanism, the phishers ensure that their campaign draws no unnecessary attention from security researchers, which increases the success rate of the attack.
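The defensive counterpart to the redirector described above is to detonate a suspicious link under more than one client profile and treat disagreement between the destinations as a signal in its own right. The following is an added example, not code from the article or from Microsoft. The fetcher interface, the two request profiles, and the offline `fake_fetch` stand-in (which behaves like the redirector the article describes, using reserved example domains) are assumptions made for illustration; in production the fetcher would be a real HTTP client configured not to follow redirects on its own.

```python
"""Cloaked-link check: fetch a URL's redirect chain under two client profiles
and flag the link when the final destinations disagree.

Added example, not code from the article or from Microsoft. The fetcher
interface, the client profiles and the constructed redirector below are
assumptions for illustration; all domains are reserved example names."""
from typing import Callable, Dict, List, Tuple
from urllib.parse import urljoin, urlparse

# A fetcher does ONE request (no automatic redirect following) and returns
# (status_code, response_headers). Swap in a real HTTP client in production.
Fetcher = Callable[[str, Dict[str, str]], Tuple[int, Dict[str, str]]]

# Constructed request profiles: a bare automated client versus headers that
# resemble a real browser session.
PROFILES: Dict[str, Dict[str, str]] = {
    "scanner": {"User-Agent": "python-requests/2.25.1", "Accept": "*/*"},
    "browser": {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
        "Accept": "text/html,application/xhtml+xml",
        "Accept-Language": "en-US,en;q=0.9",
    },
}

REDIRECT_CODES = {301, 302, 303, 307, 308}


def registrable_domain(url: str) -> str:
    """Crude eTLD+1 (last two host labels); enough to compare destinations here."""
    host = (urlparse(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def follow_redirects(url: str, headers: Dict[str, str], fetch: Fetcher,
                     max_hops: int = 10) -> List[str]:
    """Return the full hop chain, starting with the submitted URL."""
    chain = [url]
    for _ in range(max_hops):
        status, resp = fetch(chain[-1], headers)
        if status not in REDIRECT_CODES or "Location" not in resp:
            break
        chain.append(urljoin(chain[-1], resp["Location"]))
    return chain


def detect_cloaking(url: str, fetch: Fetcher) -> dict:
    """Flag the link when the profiles land on different registrable domains."""
    chains = {name: follow_redirects(url, hdrs, fetch) for name, hdrs in PROFILES.items()}
    finals = {name: registrable_domain(chain[-1]) for name, chain in chains.items()}
    return {"cloaked": len(set(finals.values())) > 1, "finals": finals, "chains": chains}


def fake_fetch(url: str, headers: Dict[str, str]) -> Tuple[int, Dict[str, str]]:
    """Constructed offline stand-in for the network. It behaves like the
    redirector the article describes: browser-like requests are sent on to
    the credential page, anything else to the legitimate site."""
    host = urlparse(url).hostname
    if host == "redirect.example.net":
        looks_like_browser = ("Mozilla" in headers.get("User-Agent", "")
                              and "Accept-Language" in headers)
        target = ("https://login.example.org/signin" if looks_like_browser
                  else "https://www.example.com/")
        return 302, {"Location": target}
    return 200, {}


if __name__ == "__main__":
    verdict = detect_cloaking("https://redirect.example.net/r/abc123", fake_fetch)
    print(verdict["cloaked"], verdict["finals"])
```

The point of the check is that a single sandbox fetch can only ever see the benign branch; comparing the registrable domain reached by each profile turns the attacker's own source-fingerprinting into the indicator. A real deployment would also vary source IP ranges, since the article notes the redirector identifies the source of the connection, not only its headers.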
Another feature of this attack is that the messages are obfuscated enough to evade secure email gateways, giving the campaign maximum immunity against security detection methods. Beyond that, the phishing emails are socially engineered around terms like “password update,” “secure your account,” “help desk ticket,” “conferences,” and “meeting bridges,” all of which are likely to lure targets now that most employees are working remotely. The campaign also uses specially crafted, unique subdomains for its links.
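The lure phrases and crafted subdomains described above are concrete enough to score on at the mail-triage stage, before a link is ever clicked. The following is an added example, not code from the article. The phrase list is taken from the article; the brand-word list, the scoring weights, the trusted-domain set, and the sample messages are constructed assumptions, and the host heuristics (brand name inside a subdomain of an untrusted domain, random-looking labels, deep nesting) are one defender's choice of signals rather than anything the article specifies.

```python
"""Mail-triage heuristics for the lures the article lists: lure phrases in the
subject plus suspicious link hosts (brand name in a subdomain of an untrusted
domain, random-looking labels, deep subdomain nesting).

Added example, not code from the article. The phrase list comes from the
article; the weights, brand words, trusted-domain set and sample messages
are constructed assumptions."""
import math
from typing import Dict, List, Tuple
from urllib.parse import urlparse

LURE_PHRASES = ("password update", "secure your account", "help desk ticket",
                "conference", "meeting bridge")
BRAND_WORDS = ("office365", "o365", "microsoft")   # assumption: brands the lure imitates
TRUSTED_DOMAINS = {"example.com"}                   # assumption: the org's own domain
THRESHOLD = 4                                       # assumption: score at which we flag


def shannon_entropy(s: str) -> float:
    """Bits per character; a random-looking label scores higher than a word."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def score_subject(subject: str) -> Tuple[int, List[str]]:
    """Two points per lure phrase found in the subject line."""
    hits = [p for p in LURE_PHRASES if p in subject.lower()]
    return 2 * len(hits), [f"lure phrase: {p}" for p in hits]


def score_url(url: str) -> Tuple[int, List[str]]:
    """Score the link host; links to the org's own domain are left alone."""
    labels = (urlparse(url).hostname or "").lower().split(".")
    registrable = ".".join(labels[-2:])
    if registrable in TRUSTED_DOMAINS:
        return 0, []
    score, reasons = 0, []
    subdomain_labels = labels[:-2]
    subdomain = ".".join(subdomain_labels)
    if any(b in subdomain for b in BRAND_WORDS):
        score += 3
        reasons.append(f"brand name in subdomain of {registrable}")
    if any(len(label) >= 8
           and any(c.isdigit() for c in label)
           and any(c.isalpha() for c in label)
           and shannon_entropy(label) >= 3.0
           for label in subdomain_labels):
        score += 2
        reasons.append("random-looking subdomain label")
    if len(labels) >= 4:
        score += 1
        reasons.append("deeply nested subdomain")
    return score, reasons


def triage(messages: List[Dict[str, str]]) -> List[Dict]:
    """Score each message and return them highest-risk first."""
    results = []
    for m in messages:
        s_subj, r_subj = score_subject(m["subject"])
        s_url, r_url = score_url(m["url"])
        total = s_subj + s_url
        results.append({"id": m["id"], "score": total, "reasons": r_subj + r_url,
                        "flagged": total >= THRESHOLD})
    return sorted(results, key=lambda r: r["score"], reverse=True)


# Constructed sample messages (reserved example domains, not real IoCs).
SAMPLE_MESSAGES = [
    {"id": "m1", "subject": "Password update required today",
     "url": "https://office365.x7k9q2m4p1.example.net/login"},
    {"id": "m2", "subject": "Meeting bridge for Thursday sync",
     "url": "https://meet.example.com/room/42"},
    {"id": "m3", "subject": "Q3 planning notes",
     "url": "https://docs.example.com/notes"},
]


if __name__ == "__main__":
    for r in triage(SAMPLE_MESSAGES):
        print(r["id"], r["score"], r["flagged"], r["reasons"])
```

Note that a lure phrase on its own (message m2) stays below the threshold: the article's subjects are ordinary workplace vocabulary, so the phrase list is only useful in combination with a suspicious link host. The entropy rule requires both letters and digits so that a legitimate long word in a hostname does not trip it.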
All the evasion techniques mentioned above make this phishing campaign more worrisome for enterprises.
Phishing campaigns built with this much care are hard to detect. That is why enterprises are advised to maintain robust security as always and also to educate their employees about evolving cyberattacks and how deceptive they can be.
Cybersecurity strategies can never be 100-percent effective, and that's why the Japanese concept of kaizen, or “continuous improvement,” is so important for cybersecurity efforts. The most effective cybersecurity strategies combine various components like frameworks, policies, architectures, data management, tools, and employee awareness. Organizations must maintain their cybersecurity at the highest level of precision to keep cyberattacks away.