Cybercriminals have come up with a new, creative way to attack Microsoft 365 users: they have started using Static Web Apps, an Azure service, to do so.
Researchers now say that threat actors are using the service's features to host static phishing landing pages. These landing pages look almost exactly like official Microsoft services, complete with the corporate logo and a Single Sign-On (SSO) option that harvests Office 365, Outlook, or other credentials.
More creative, more sneaky
According to Bleeping Computer, using Azure Static Web Apps to target Microsoft users is an “excellent tactic.” Each landing page receives its own secure page padlock in the address bar thanks to the *.1.azurestaticapps.net wildcard TLS certificate.
With such a TLS certificate, even the most suspicious of victims might be tricked and lose their Microsoft credentials.
It also makes the landing pages suitable for targeting users on other platforms and email providers, as these victims may be duped by the fake security assurance of the genuine Microsoft TLS certificate.
When a person suspects a phishing attack, they usually check the URL they’re being invited to click. Using Azure Static Web Apps renders this advice obsolete, as many will be fooled by the azurestaticapps.net identity and believe it is legitimate.
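As an added illustration (not part of the original article or the research it cites), the check below classifies a link by its hostname rather than by the padlock: anything under azurestaticapps.net is customer-deployed content, not a Microsoft sign-in page. The sign-in allowlist, the function names and the sample links are assumptions constructed for this example.

```python
from urllib.parse import urlsplit

# Assumption: the only host this organisation accepts for Microsoft 365 sign-in.
SIGN_IN_HOSTS = {"login.microsoftonline.com"}
# Azure Static Web Apps serves customer-deployed content under this suffix,
# so a valid certificate here says nothing about who wrote the page.
TENANT_HOSTED_SUFFIXES = ("azurestaticapps.net",)


def normalize_host(url):
    """Return the lowercase hostname without a trailing dot, or '' if absent."""
    try:
        host = urlsplit(url.strip()).hostname or ""
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
        return ""
    return host.rstrip(".").lower()


def under_suffix(host, suffix):
    """Match the suffix itself or a subdomain of it, on a label boundary only."""
    return host == suffix or host.endswith("." + suffix)


def classify(url):
    """Label a link: microsoft-sign-in, tenant-hosted, other, or unparseable."""
    host = normalize_host(url)
    if not host:
        return "unparseable"
    if host in SIGN_IN_HOSTS:
        return "microsoft-sign-in"
    if any(under_suffix(host, s) for s in TENANT_HOSTED_SUFFIXES):
        return "tenant-hosted"
    return "other"


def flag_links(links):
    """Return the links that should be reviewed before anyone signs in."""
    return [u for u in links if classify(u) == "tenant-hosted"]


# Constructed sample links, as they might be extracted from a message body.
SAMPLE_LINKS = [
    "https://login.microsoftonline.com/common/oauth2/authorize",
    "https://example-constructed.1.azurestaticapps.net/",
    "https://EXAMPLE-constructed.1.AzureStaticApps.NET./signin",
    "https://azurestaticapps.net.example.org/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify(link):18} {link}")
```

A `tenant-hosted` result is a prompt for review, not a verdict: legitimate projects also run on Static Web Apps, but none of them is a Microsoft sign-in page.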
The art of imitating Microsoft
The service behind the new sneaky tactic, Static Web Apps, is Azure’s tool for building and deploying full-stack web apps to Azure from a code repository.
For the time being, Microsoft has remained silent on the subject.
As we find new ways to strengthen our security, hackers devise new ways to breach us. One such case is a series of Microsoft 365 credential thefts.
These features enable hackers to create phishing landing pages that appear completely authentic while avoiding certain security measures. It is, without a doubt, a very clever strategy for stealing our Microsoft credentials.
It is difficult to identify the differences, but not impossible, which tells us that we should be more vigilant about this new threat.