Microsoft 365 infrastructure has been leveraged in new business email compromise campaigns aimed at credential compromise and account takeover while circumventing security measures, reports SC Media.
Threat actors have been using legitimate Microsoft domains to deliver malicious emails that integrate Microsoft's logos, display name fields, and organizational metadata to spread malware without being detected by DMARC enforcement, domain reputation analysis, and anti-spoofing techniques, according to a report from cybersecurity platform Guardz.
"The result is a highly deceptive attack that exploits inherent trust in Microsoft’s cloud services, making it significantly more challenging for security teams to detect and mitigate," said Guardz researchers.
This news should prompt the adoption of more sophisticated detection systems for tenant manipulation and organization spoofing, as well as real-time threat scanning tools, noted Stephen Kowski, Field CTO at SlashNext Email Security. Meanwhile, Nicole Carignan, Field CISO and senior vice president of security and AI strategy at Darktrace, encouraged the use of machine learning tools in identifying BEC attacks.
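The point the article makes is that DMARC, SPF and DKIM all pass because the mail really does come from Microsoft infrastructure, so a mail gateway needs checks that look past authentication results. The script below is an added illustration of that idea, not Guardz's, SlashNext's or Darktrace's detection logic. It assumes two things that are not on the page: that `onmicrosoft.com` subdomains (the default domain any Microsoft 365 tenant receives) are where a self-registered tenant would sit, and a constructed list of brand words that an impersonating display name might carry. The two sample messages are constructed for the example.

```python
"""
Heuristic triage for mail that arrives from genuine Microsoft 365 sending
infrastructure (so DMARC passes) but shows signs of display-name or
organization spoofing. Added example; not any vendor's detection logic.
"""
import email
import re
from email import policy
from email.utils import getaddresses, parseaddr

# Assumption: the corporate domain versus the per-tenant default domain.
# Any Microsoft 365 customer can register a tenant under onmicrosoft.com,
# so mail from such a subdomain is authenticated but not vouched for by Microsoft.
CORPORATE_DOMAIN = "microsoft.com"
TENANT_SUFFIX = "onmicrosoft.com"

# Assumption: brand words that an impersonating display name might carry.
BRAND_WORDS = re.compile(r"\b(microsoft|office\s*365|m365|microsoft\s*365)\b", re.I)


def _domain(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _is_microsoft_infra(domain: str) -> bool:
    """True for microsoft.com itself or any onmicrosoft.com tenant subdomain."""
    return (domain == CORPORATE_DOMAIN or domain.endswith("." + CORPORATE_DOMAIN)
            or domain == TENANT_SUFFIX or domain.endswith("." + TENANT_SUFFIX))


def dmarc_passed(auth_results: str) -> bool:
    """True if an Authentication-Results header reports dmarc=pass."""
    return bool(re.search(r"\bdmarc=pass\b", auth_results or "", re.I))


def triage(raw: str) -> dict:
    """Return which spoofing indicators fire for one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, from_addr = parseaddr(str(msg.get("From", "")))
    from_dom = _domain(from_addr)
    reply_doms = {_domain(a) for _, a in
                  getaddresses([str(h) for h in msg.get_all("Reply-To", [])])}
    auth = " ".join(str(h) for h in msg.get_all("Authentication-Results", []))

    reasons = []
    # The attack the article describes lives exactly where authentication
    # passes on Microsoft infrastructure, so the checks only run in that case.
    if _is_microsoft_infra(from_dom) and dmarc_passed(auth):
        is_tenant = from_dom.endswith(TENANT_SUFFIX)
        if is_tenant and BRAND_WORDS.search(display or ""):
            reasons.append("display name claims Microsoft but sender is a customer tenant")
        if reply_doms and not all(_is_microsoft_infra(d) for d in reply_doms):
            reasons.append("Reply-To points outside Microsoft infrastructure")
    return {"from_domain": from_dom, "suspicious": bool(reasons), "reasons": reasons}


# Constructed sample messages (not real captures).
SUSPICIOUS_MSG = """From: Microsoft Security <alerts@contoso.onmicrosoft.com>
Reply-To: support@example.net
To: user@victim.example
Authentication-Results: spf=pass; dkim=pass; dmarc=pass header.from=contoso.onmicrosoft.com
Subject: Action required

Please review the attached notice.
"""

BENIGN_MSG = """From: Contoso IT <it@contoso.onmicrosoft.com>
To: user@victim.example
Authentication-Results: spf=pass; dkim=pass; dmarc=pass header.from=contoso.onmicrosoft.com
Subject: Password expiry reminder

Your password expires in 10 days.
"""

if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS_MSG), ("benign", BENIGN_MSG)):
        print(label, triage(sample))
```

The rule deliberately stays silent for mail from `microsoft.com` proper with a Microsoft display name, since that is what legitimate service mail looks like; the signal is the combination of a self-registered tenant, a brand-bearing display name and a Reply-To that leaves Microsoft infrastructure, not any one of them alone.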