Microsoft recently apologized for an Azure Active Directory issue that disrupted access to Office 365 applications and the Azure Admin Portal for two hours or more for some users. Microsoft conducted a root cause analysis to explain what caused the outage.
In the root cause analysis notice, Microsoft said that a cross-cloud migration operation intended to improve the Azure AD service ended up disrupting services for some organizations. The outage occurred on March 15 for users of the Azure Admin Portal, Teams, Exchange, Azure KeyVault, SharePoint, Storage and other major applications.
The notice also mentioned that Microsoft is currently working on a two-stage process, called the Safe Deployment Process, to improve the Azure AD service. Microsoft has already completed the first stage of this Safe Deployment Process for the Azure AD service. The second stage is said to be due for completion by mid-2021.
This incident isn’t the first of its kind for Azure AD. Microsoft added that a similar incident occurred in September 2020, when users of Microsoft 365 services experienced various outages tied to the Azure AD service. However, Microsoft promised that the Safe Deployment Process will prevent such issues from happening again.
Microsoft 365 users saw a slew of phishing emails, thanks to an ongoing attack aimed at stealing Microsoft 365 credentials. To make the emails look more realistic and legitimate, attackers are adding a fake Google reCAPTCHA system in addition to company logos in the emails. Security researchers indicate that over 2500 such emails have been unsuccessfully sent to senior-level employees in the banking and IT sector over the past three months.
Clicking a link in one of these phishing emails first takes the recipient to a fake Google reCAPTCHA page. Once the recipient takes the test, they are redirected to a bogus landing page where their Microsoft 365 credentials are stolen. Another common method that attackers seem to use is sending senior members of an organization emails about a voicemail attachment. The modus operandi is similar in such attacks too.
Researchers are concerned that attackers are putting more work into making the phishing attack look legitimate and making the landing pages fit the victim profile. The attacks are also increasingly targeting senior business leaders, as such people have the most privileges and access to sensitive data.
Researchers also noted that most phishing pages associated with the campaign were hosted using generic top-level domains such as .xyz, .reset and .online. These domains are commonly used by cybercriminals in spam and phishing attacks owing to their cheap availability.
In 2020, half of all phishing emails used Microsoft Office-themed content to lure in unsuspecting victims and swipe their credentials, according to a Tuesday report by Cofense. The company analyzed millions of attack-related emails and concluded that 57% of them were phishing emails intended to steal credentials, while the rest were used for planting malware on users’ systems or as business email compromise (BEC) attacks.
Cofense researchers said that 45% of those phishing emails were Microsoft-themed, as attackers were banking on the increase in organizations migrating to Office 365. “With the number of organizations migrating to Office 365, targeting these credentials allows the threat actor to gain access to the organization as a legitimate user to go undetected,” the researchers from the company told Threatpost. They went on to recommend the use of multi-factor authentication (MFA) to secure Microsoft Office logins.
The researchers also said that apart from Microsoft products and solutions that tie in with Microsoft, other company names have also been used to lure in victims. “Other popular brands we observed asking for credentials were other various cloud hosting services such as Adobe, Dropbox, Box, DocuSign or WeTransfer,” the researchers said.