In their phishing attempts against Microsoft 365 subscribers, cybercriminals have begun to employ Static Web Apps, an Azure service.
According to the experts, threat actors have been using the service to host static phishing landing pages. Thanks to the corporate branding and the Single Sign-On (SSO) option that harvests Office 365, Outlook, or other credentials, these landing pages seem almost identical to authentic Microsoft services.
According to BleepingComputer, using Azure Static Web Apps to target Microsoft customers is an effective technique. Each landing page receives its own secure page padlock in the address bar, thanks to the wildcard TLS certificate *.1.azurestaticapps.net.
A valid TLS certificate might dupe even the most skeptical of victims. It also makes the landing pages useful for targeting users of other platforms and email providers, since the false security assurance of an authentic Microsoft TLS certificate might confuse these victims as well.
When a person suspects a phishing attack, they usually examine the URL they're being sent to. The article concludes that using Azure Static Web Apps renders this advice meaningless, since many people will be tricked by the azurestaticapps.net domain and believe the page is authentic.
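Because the padlock and the Microsoft-owned domain say nothing about who published a page, a mail or proxy filter can treat every azurestaticapps.net link as customer-hosted content and queue it for review unless the app is your own. The sketch below is an added example, not code from BleepingComputer or Microsoft; the OWN_APPS allowlist, the sample URLs and the function names are constructed assumptions.

```python
from urllib.parse import urlsplit

# Parent domain under which Azure Static Web Apps serves customer content.
SWA_SUFFIX = "azurestaticapps.net"

# Assumption: Static Web Apps your own organisation deploys (constructed name).
OWN_APPS = {"contoso-intranet.1.azurestaticapps.net"}

# Constructed sample links, as they might appear in mail or proxy logs.
SAMPLE_URLS = [
    "https://constructed-0a1b2c3d4.1.azurestaticapps.net/login",
    "https://contoso-intranet.1.azurestaticapps.net/",
    "https://azurestaticapps.net.example.org/",   # look-alike, not Azure
    "https://login.microsoftonline.com/",
]


def hostname_of(url: str) -> str:
    """Lower-cased hostname without userinfo, port or trailing dot."""
    url = url.strip()
    if "://" not in url:          # tolerate scheme-less links from mail bodies
        url = "//" + url
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:            # e.g. malformed IPv6 literal
        return ""
    return host.rstrip(".").lower()


def is_static_web_app(host: str) -> bool:
    """Match on a label boundary so look-alike hosts are not counted."""
    return host == SWA_SUFFIX or host.endswith("." + SWA_SUFFIX)


def classify(url: str) -> str:
    host = hostname_of(url)
    if not host:
        return "unparseable"
    if is_static_web_app(host):
        return "own-app" if host in OWN_APPS else "review"
    return "not-swa"


def links_to_review(urls):
    """Links hosted on Static Web Apps that the organisation does not own."""
    return [u for u in urls if classify(u) == "review"]


if __name__ == "__main__":
    for link in links_to_review(SAMPLE_URLS):
        print("review:", link)
```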
Static Web Apps in Azure
Microsoft's technology allows developers to build and deploy full-stack web projects to Azure from a code repository.
For the time being, Microsoft has remained mum on the subject.
Patching and doing yearly security checks are vital, but they aren't adequate. It is critical to have granular visibility into your environment and to respond to security concerns reasonably. This is where Managed Detection and Response (MD&R) enters the picture.
Regardless of whether you have patched, you should first undertake a cybersecurity threat assessment. This assessment may allow you to uncover any backdoors that criminals may have left to exploit in the future.
Review the security control measures currently in use in your company. You'd be surprised at how many firms have suffered significant losses simply because they neglected to restrict access to specific resources. Users should only have access to what they need to do their day-to-day jobs. This limits the scope of what an attacker can do if a user's account is compromised, since attackers target mail accounts with administrator access (particularly global admin accounts).
Furthermore, limiting the number of persons who have access to sensitive data and controls decreases privilege misuse, such as data theft. Other security practices include enforcing multifactor authentication, teaching users, using encryption, and continually verifying that auto-forwarding is off (a key setting that criminals tamper with to progressively create a gateway into the system).
While most small businesses believe that early discovery of vulnerabilities and sufficient response planning are critical, many lack the means. One solution is to recruit cybersecurity specialists, but this is difficult due to a global shortage of these professionals and the high cost of establishing an in-house security team. Another problem arises when businesses transfer cybersecurity obligations to "tech-savvy" IT staff. Surprisingly, most of them lack the competence and expertise to adopt company-wide IT security measures.
In response to vulnerabilities impacting Microsoft 365, Infocyte introduced the Microsoft 365 Security Module on July 4 this year. The module gives visibility into which security best practices are adopted in your environment and warns you of any configuration changes. Another advantage of MDR is that it detects and responds to security alarms 24 hours a day, seven days a week.