• Legal Era India
  • Legal Era Global
  • Membership
  • Sign inSUBSCRIBE
Legal Era
X
Sign in
  • Home
  • News
    +
    • From the Courts
    • Policy & Law
    • Supreme Court (India)
    • High Court (India)
    • TAX Updates
    • MARKET WATCH
    • Deal Street
    • Global Insights
    • IBC Cases
    • Hires & Moves
    • IP News
    • Competition Verdict
    • Global Articles
    • Global Deals
  • Articles
    +
    • ABOUT THE LAW
    • AWARDS & ACCOLADES
    • Aerospace
    • Agriculture
    • Alternate Dispute Resolution
    • Banking and Finance
    • Bankruptcy
    • Book Review
    • Bribery & Corruption
    • Commercial Litigation
    • Competition Law
    • Conference Reports
    • Consumer Products
    • Contract
    • Corporate Governance
    • Corporate Law
    • Covid-19
    • Cryptocurrency
    • Cybersecurity
    • Data Protection
    • Defence
    • Digital Economy
    • E-commerce
    • Employment Law
    • Energy and Natural Resources
    • Entertainment and Sports Law
    • Environmental Law
    • FDI
    • Food and Beverage
    • Health Care
    • IBC Diaries
    • Insurance Law
    • Intellectual Property
    • International Law
    • Labour Laws
    • Litigation
    • Litigation Funding
    • Manufacturing
    • Mergers & Acquisitions
    • NFTs
    • Privacy
    • Private Equity
    • Project Finance
    • Real Estate
    • Risk and Compliance
    • Technology Media and Telecom
    • Tributes
    • Zoom In
    • Take On Board
    • In Focus
    • Law & Policy and Regulation
    • IP & Tech Era
    • Viewpoint
    • Arbitration & Mediation
    • Tax
    • Student Corner
    • ESG
    • Gaming
    • Inclusion & Diversity
  • Law Firms
    +
    • Global Law Firm
    • Asia Law Firm
    • India Law Firm
  • In-House
  • Rankings
  • E-Magazine
  • Legal Era TV
  • Legal Era TV
  • Events
  • News
    • From the Courts
    • Policy & Law
    • Supreme Court (India)
    • High Court (India)
    • TAX Updates
    • MARKET WATCH
    • Deal Street
    • Global Insights
    • IBC Cases
    • Hires & Moves
    • IP News
    • Competition Verdict
    • Global Articles
    • Global Deals
  • Articles
    • ABOUT THE LAW
    • AWARDS & ACCOLADES
    • Aerospace
    • Agriculture
    • Alternate Dispute Resolution
    • Banking and Finance
    • Bankruptcy
    • Book Review
    • Bribery & Corruption
    • Commercial Litigation
    • Competition Law
    • Conference Reports
    • Consumer Products
    • Contract
    • Corporate Governance
    • Corporate Law
    • Covid-19
    • Cryptocurrency
    • Cybersecurity
    • Data Protection
    • Defence
    • Digital Economy
    • E-commerce
    • Employment Law
    • Energy and Natural Resources
    • Entertainment and Sports Law
    • Environmental Law
    • FDI
    • Food and Beverage
    • Health Care
    • IBC Diaries
    • Insurance Law
    • Intellectual Property
    • International Law
    • Labour Laws
    • Litigation
    • Litigation Funding
    • Manufacturing
    • Mergers & Acquisitions
    • NFTs
    • Privacy
    • Private Equity
    • Project Finance
    • Real Estate
    • Risk and Compliance
    • Technology Media and Telecom
    • Tributes
    • Zoom In
    • Take On Board
    • In Focus
    • Law & Policy and Regulation
    • IP & Tech Era
    • Viewpoint
    • Arbitration & Mediation
    • Tax
    • Student Corner
    • ESG
    • Gaming
    • Inclusion & Diversity
  • Law Firms
    • Global Law Firm
    • Asia Law Firm
    • India Law Firm
  • In-House
  • Rankings
  • E-Magazine
  • Legal Era TV
  • Legal Era TV
  • Events

Top Stories

HomeNewsGlobal InsightsAmerica
8 July 2020 7:28 AM GMT

Microsoft busts hackers who used Covid-19 as bait to lure customers

By Legal Era

A United States Court has allowed Microsoft to seize control of key domains of cyber criminals who used COVID-19-related lures in the phishing emails to target its customers in 62 countries and access Office 365 account contents, including email, contacts, notes and material.The US District Court for the Eastern District of Virginia on Tuesday unsealed documents detailing Microsoft’s work...

ToRead the Full Story, Subscribe to Legal Era

Access the exclusive LEGAL ERAStories,Editorial and Expert Opinion

Subscribe Now
AlreadyaSubscriber?SigninNow
View Plans

Microsoft

A United States Court has allowed Microsoft to seize control of key domains of cyber criminals who used COVID-19-related lures in the phishing emails to target its customers in 62 countries and access Office 365 account contents, including email, contacts, notes and material.

The US District Court for the Eastern District of Virginia on Tuesday unsealed documents detailing Microsoft’s work to disrupt cybercriminals that were taking advantage of the COVID-19 pandemic in an attempt to defraud its users.

Microsoft’s Digital Crimes Unit (DCU) first observed these criminals in December 2019, when they deployed a sophisticated, new phishing scheme designed to compromise customer accounts. Microsoft later observed renewed attempts by the same criminals, this time using COVID-19-related lures in the phishing emails to target victims.

“This malicious activity is yet another form of business email compromise (BEC) attack, which has increased in complexity, sophistication and frequency in recent years,” Tom Burt, Corporate Vice President, Customer Security & Trust, said in a statement.

According to the FBI’s 2019 Internet Crime Report, the most-costly complaints received by their Internet Crime Complaint Center (IC3) involved BEC crimes, with losses of over $1.7 billion, representing nearly half of all financial losses due to cybercrime.

The phishing emails instead contained messages regarding COVID-19 as a means to exploit pandemic-related financial concerns and induce targeted victims to click on malicious links. Once victims clicked on the deceptive links, they were ultimately prompted to grant access permissions to a malicious web application (web app).

Web apps are familiar-looking as they are widely used in organizations to drive productivity, create efficiencies and increase security in a distributed network. Unknown to the victim, these malicious web apps were controlled by the criminals, who, with fraudulently obtained permission, could access the victim’s Microsoft Office 365 account, said Microsoft.

This scheme enabled unauthorized access without explicitly requiring the victims to directly give up their login credentials at a fake website or similar interface, as they would in a more traditional phishing campaign. After clicking through the consent prompt for the malicious web app, the victim unwittingly granted criminals permission to access and control the victims’ Office 365 account contents, including email, contacts, notes and material stored in the victims’ OneDrive for Business cloud storage space and corporate SharePoint document management and storage system.

The company said that this unique civil case against COVID-19-themed BEC attacks “has allowed us to proactively disable key domains that are part of the criminals’ malicious infrastructure, which is a critical step in protecting our customers”.

While the lures may have changed, the underlying threats remain, evolve and grow, and it’s more important than ever to remain vigilant against cyber attacks, the company added.

Next Story
Similar Posts
Trending Now
Recommended Articles
  • News
  • From the Courts
  • Supreme Court (India)
  • High Court (India)
  • Global Insights
  • Deal Street
  • Hires & Moves
  • Refund & Cancellation Policy
  • Articles
  • Zoom In
  • Take On Board
  • In Focus
  • Law & Policy
  • IP & Tech Era
  • Viewpoint
  • Arbitration & Mediation
  • Tax
  • Student Corner
  • Interviews
  • Law Firms
  • E-Magazine
  • Legal Era TV
  • Membership
  • Reader's Feedback
  • Cartoons
  • Subscribe
  • Advertise
Follow Us
Subscribe Newsletter
  • 2023© All rights reserved Legal Era Media Group
  • Who We Are
  • Careers
  • Advertise with Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
Powered by  Hocalwire
X
X
We use cookies for analytics, advertising and to improve our site. You agree to our use of cookies by continuing to use our site. To know more, see our Cookie Policy and Cookie Settings.Ok