Microsoft Reports on the Cleverest Phishing Tactics of 2019
While for individuals it is frustrating — and threatening — how quickly cyber-criminals are evolving, for cybersecurity providers it is a matter of amused contemplation. Studying cases upon cases of successful cyber-attacks helps security providers reverse engineer tactics of the hackers to provide countermeasures preemptively. In that vein, as the year draws to a close, Microsoft has released some of the cleverest phishing tactics it encountered in 2019, in a comprehensive report. If you’re an organization interested in strengthening your online security arsenal, stick around; some of these tactics may help you gain a better understanding of the techniques used by phishers.
1.1 Messing with Search Results
The internet has become a live creature now, having an existence of its own. As such, search engines appreciate keywords and inter-linking as it helps them crawl the entire www space. A lot of hackers simply misused this fact. Here’s how Search Results were shown to be hijacked:
- Crooks divert web traffic from legitimate sites to their maleficent, bogus websites.
- The domains go on to become the top Google search result for very specific terms. The attackers achieve this by using garbled words like “hOJo55XatrCPy.” as target keywords.
- Phishers send emails to victims linking the Google search result for that specific term
- If the victim clicks the Google link, and then the top result, they’d land on an attacker -controlled website
- This website would then redirect the user to a phishing page, provided you were in the locality targeted by the attackers.
1.2 404 Not Found
Attackers used custom, malicious phishing URLs for broken or dead links (non-existent pages). When Microsoft’s own security mechanisms scan the link, they receive a 404-error back (because the link points to a non-existent resource). Microsoft would deem the link safe.
However, if a real user accessed the URL, the phishing site would detect the user and redirect them to an actual phishing page instead of the server’s standard 404 error page. Subdomain-generating code bytes helped attackers generate practically unlimited phishing URLs.
1.3 Man In The Middle
Microsoft details its experience with a MitM Server which was used as a phishing tool. In Microsoft’s own words:
“One particular phishing campaign in 2019 took impersonation to the next level. Instead of attackers copying elements from the spoofed legitimate website, a man-in-the-middle component captured company-specific information like logos, banners, text, and background images from Microsoft’s rendering site. […] The result was the exact same experience as the legitimate sign-in page, which could significantly reduce suspicion.”
However, this dummy page creation tactic came with a drawback that alerted most cyber-aware internet users: the hyperlink. The page URL isn’t legitimately Microsoft’s, but instead reveals the address location of the phishing site. Just goes to show how a little knowledge can save someone from becoming a victim.
At Logix, we believe security is paramount. We design products and services that you can rely on so that much of the heavy lifting can be taken off your shoulders. Would you like to have better visibility and control, to identify sophisticated targeted cyber threats more easily in your enterprise network, program & system?
Logix since 1999, is a committed and acknowledged provider of managed services, solutions and products in the Cyber security space with a dedicated team of nearly 20+ professionals supporting Business enterprises across PAN India from Banks, Government entities to Financial Institutions. With a strong focus on research and innovation, we have built extensive capability around Big Data for Security Analytics, Response, and Security Automation.
Our prime focus lies in managing & deploying NGFW solutions of multiple OEMs. We manage over 1500 + SMB/Mid-Enterprise / Enterprise Customers, providing constant monitoring & handhold support 24*7*365.
Our eShop has packages for organizations as well as individuals. If this seems like something you’d be interested in, drop by to ask your queries. We would love to answer all of them.