Microsoft, the renowned technology giant based in the United States, has recently made headlines due to targeted spear phishing campaigns aimed at thousands of individual accounts utilizing Microsoft 365 and Azure Services. These attacks, which have been active since November 2023, specifically target sales directors, managers, finance professionals, vice presidents, presidents, as well as CTOs and CIOs.
Proofpoint, Inc., an American cybersecurity firm, uncovered these incidents. They identified that the attacks involve the distribution of weaponized documents containing embedded links within emails. Clicking on these links redirects users to malicious webpages, where a malware payload is downloaded. This payload can potentially evolve into an intelligence-gathering tool, perpetrate financial fraud, or execute data exfiltration and ransomware attacks.
Initially, it was believed that the attacks were limited to users of MS Office. However, further investigation revealed that threat actors had compromised Azure accounts, gaining access to extensive datasets.
To mitigate the risks associated with such attacks, organizations are advised to implement measures such as enforcing regular password changes, monitoring IT systems for anomalies, blocking account takeovers, employing proactive defense tools against brute force attacks and email threats, and deploying remediation policies to minimize downtime losses.
In other news related to enterprise security, Proofpoint is reportedly planning to reduce its workforce by approximately 6% by the end of 2024, according to a report by Calcalist, an Israeli economic news outlet. This decision is expected to affect around 260-280 employees, excluding C-level executives.