Ontario IT Services and IT Support
Hackers are stealing Microsoft 365 credentials

Be careful! Hackers have a new way to steal your Microsoft 365 credentials

A new generation of cybercriminals has come up with creative new ways to attack Microsoft 365 users. They have started abusing Static Web Apps, an Azure service, to do so.

Static Web Apps have two features that are easily abused, according to MalwareHunterTeam researchers: custom branding for web apps and web hosting for static content such as HTML, CSS, JavaScript, or images.

Threat actors use these features to host static phishing landing pages, the researchers say. These landing pages look almost exactly like official Microsoft services, with the corporate logo and the Single Sign-On (SSO) option that harvests Office 365, Outlook, or other credentials.

More creative, more sneaky

According to Bleeping Computer, using Azure Static Web Apps to target Microsoft users is an “excellent tactic.” Each landing page receives its own secure page padlock in the address bar thanks to the *.1.azurestaticapps.net wildcard TLS certificate.

With such a TLS certificate, even the most suspicious of victims might be tricked and lose their Microsoft credentials.

It also makes the landing pages suitable for targeting users on other platforms and email providers, as these victims may be duped by the fake security assurance of the genuine Microsoft TLS certificate.

When a person suspects a phishing attack, they usually check the URL they’re being invited to click. Using Azure Static Web Apps renders this advice obsolete, as many will be fooled by the azurestaticapps.net identity and believe it is legitimate.
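The URL check described above, done on the exact hostname instead of by eye, as an added example that is not part of the original article. The sign-in host list is an illustrative assumption, the function names are hypothetical, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumption: illustrative, not exhaustive, hosts that serve genuine Microsoft sign-in pages.
MS_SIGNIN_HOSTS = {"login.microsoftonline.com", "login.live.com", "login.microsoft.com"}
# Suffix named in the article: any Azure customer can publish a site under it.
SHARED_HOSTING_SUFFIXES = (".azurestaticapps.net",)

# Constructed sample URLs, as might be extracted from mail or proxy logs.
SAMPLE_URLS = [
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://example-site-0a1b2c3d4.1.azurestaticapps.net/",
    "https://login.microsoftonline.com@example-site.1.azurestaticapps.net/",
    "https://login.microsoftonline.com.example.net/signin",
    "https://LOGIN.LIVE.COM./",
    "https://azurestaticapps.net.example.org/",
]


def classify_url(url: str) -> str:
    """Return 'microsoft-signin', 'shared-hosting', 'other' or 'invalid'."""
    try:
        # .hostname drops any user:pass@ prefix and lowercases the host.
        host = urlsplit(url.strip()).hostname
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    host = host.rstrip(".")  # a trailing dot names the same host
    if host in MS_SIGNIN_HOSTS:  # exact match only, never substring
        return "microsoft-signin"
    if host.endswith(SHARED_HOSTING_SUFFIXES):
        # A valid padlock here proves only that Azure hosts the page,
        # not that Microsoft wrote it.
        return "shared-hosting"
    return "other"


def review_queue(urls):
    """Return (url, reason) pairs that an analyst should look at."""
    queue = []
    for url in urls:
        kind = classify_url(url)
        if kind == "shared-hosting":
            queue.append((url, "customer content on shared Azure hosting"))
        elif kind == "other" and any(h in url.lower() for h in MS_SIGNIN_HOSTS):
            queue.append((url, "Microsoft sign-in name on a non-Microsoft host"))
    return queue
```
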

The art of imitating Microsoft

Hackers are using Static Web Apps, an Azure service, to steal Microsoft 365 credentials.
Custom domains look almost the same as official Microsoft ones.

The new sneaky tactic: Static Web Apps is Azure’s tool for building and deploying full-stack web apps to Azure from a code repository.

Its key features include, among others: web hosting for static content such as HTML, CSS, JavaScript, and images; integrated API support provided by Azure Functions; GitHub and Azure DevOps integration; globally distributed static content; free, automatically renewed SSL certificates; and custom domains to provide branded app customizations.

For the time being, Microsoft has remained silent on the subject.

Conclusion

As we find new ways to strengthen our security, hackers devise new ways to breach it. One example is a series of Microsoft 365 credential thefts.

We see cybercriminals starting to use Static Web Apps, an Azure service. These Static Web Apps have two features that can be easily abused: branding customization of web applications and web hosting of static content such as HTML, CSS, JavaScript or images. 

These features enable hackers to create phishing landing pages that appear completely authentic while avoiding certain security measures. Without a doubt, a very clever strategy for stealing our Microsoft credentials.

It is difficult to identify the differences, but not impossible, which tells us that we should be more vigilant about this new threat.
