Hackers Have Found a Clever New Way to Steal Your Microsoft 365 Credentials


In their phishing attempts against Microsoft 365 subscribers, cybercriminals have begun to employ Static Web Apps, an Azure service.

Static Web Apps offer two features that are easily misused, according to MalwareHunterTeam researchers: custom branding for web apps and web hosting for static content such as HTML, CSS, JavaScript, or images.

According to the experts, threat actors have been using these features to host static phishing landing pages. Thanks to the corporate branding and the Single Sign-On (SSO) option that harvests Office 365, Outlook, or other credentials, these landing pages seem almost identical to authentic Microsoft services.

Sneaky Tactics

According to BleepingComputer, utilizing Azure Static Web Apps to target Microsoft customers is an excellent technique. Each landing page receives its own secure-page padlock in the address bar, thanks to the wildcard TLS certificate *.1.azurestaticapps.net.

Even the most skeptical of victims might be duped by a TLS certificate. It also makes the landing pages useful for targeting users of other platforms and email providers, since the phony security guarantee of the authentic Microsoft TLS certificate might confuse these victims.

When a person suspects a phishing attack, they usually examine the URL they're being sent to. The article concludes that using Azure Static Web Apps renders this advice meaningless, since many people will be tricked by the azurestaticapps.net domain and believe it is authentic.
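Because the padlock and the domain name cannot tell a reader who published a page, a mail or proxy filter can make the check instead. The following is an added example, not code from the original article: it flags links hosted on the shared azurestaticapps.net domain unless the hostname is one of your own deployments. The `OWN_APPS` allowlist and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Shared hosting suffix named in the article: any Azure customer can publish
# under it, so the wildcard certificate says nothing about who runs the page.
SHARED_SUFFIX = "azurestaticapps.net"

# Assumption: hostnames of Static Web Apps your own organization deployed (constructed).
OWN_APPS = {"calm-field-0a1b2c3d4.1.azurestaticapps.net"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def hostname(url):
    """Return the normalized host: lower-cased, without port or trailing dot."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def classify(url):
    """Label a URL as 'own-app', 'review' (third party on shared domain) or 'other'."""
    host = hostname(url)
    if host in OWN_APPS:
        return "own-app"
    # Match on a label boundary; a substring test would also hit
    # unrelated hosts such as azurestaticapps.net.example.org.
    if host == SHARED_SUFFIX or host.endswith("." + SHARED_SUFFIX):
        return "review"
    return "other"


def flag_urls(lines):
    """Return (line_number, url) for every URL that needs review."""
    hits = []
    for n, line in enumerate(lines, 1):
        for url in URL_RE.findall(line):
            if classify(url) == "review":
                hits.append((n, url))
    return hits


# Constructed sample lines (message bodies or proxy-log entries), not real indicators.
SAMPLE = [
    "Your mailbox is full: https://example-tenant-0f9e8d7c6.1.azurestaticapps.net/login",
    "Team dashboard https://calm-field-0a1b2c3d4.1.azurestaticapps.net/",
    "Docs at https://azurestaticapps.net.example.org/help",
    "Sign in: HTTPS://Example-Tenant-0f9e8d7c6.1.AzureStaticApps.NET./x",
]

if __name__ == "__main__":
    for n, url in flag_urls(SAMPLE):
        print(f"line {n}: review {url}")
```

Flagged links are candidates for review or quarantine, not confirmed phishing; the allowlist keeps your own Static Web Apps from being caught.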

Static Web Apps in Azure

Microsoft's technology allows developers to build and deploy full-stack web projects to Azure from a code repository.

Its highlights include web hosting for static content like HTML, CSS, JavaScript, and images, Azure Functions-integrated API support, GitHub and Azure DevOps integration, globally distributed static content, free, automatically renewed SSL certificates, custom domains for branded app customizations, and more.

For the time being, Microsoft has remained mum on the subject.

You Should Monitor Your Microsoft 365 Environment Regularly

Patching and doing yearly security checks are vital, but they aren't adequate. It is critical to have granular visibility and to respond to security concerns appropriately. This is where Managed Detection and Response (MD&R) enters the picture.

Regardless of whether you have patched, you should first undertake a cybersecurity threat assessment. This assessment may allow you to uncover any backdoors that criminals may have left to exploit in the future.



Review the security controls currently in use in your company. You'd be surprised at how many firms have suffered significant losses simply because they neglected to restrict access to specific resources. Following this logic, users should have access only to what they need for their day-to-day jobs. You'll limit the scope of what an attacker can do if a user's account is compromised, since attackers target mail accounts with administrator access (particularly global admin accounts).

Furthermore, limiting the number of people who have access to sensitive data and controls reduces privilege misuse, such as data theft. Other security practices include enforcing multifactor authentication, training users, encryption, and continually verifying that auto-forwarding is off (a key setting criminals tamper with to gradually create a gateway into the system).

Why Utilize a Managed Detection and Response Provider to Keep Attackers at Bay?

While most small businesses believe that early discovery of vulnerabilities and sufficient response planning are critical, many lack the means. One solution is to recruit cybersecurity specialists, but this is difficult due to a global shortage of these professionals and the high cost of establishing an in-house security team. Another problem arises when businesses transfer cybersecurity obligations to "tech-savvy" IT staff. Surprisingly, most of them lack the competence and expertise to adopt company-wide IT security measures.



In response to vulnerabilities impacting Microsoft 365, Infocyte introduced the Microsoft 365 Security Module on July 4 this year. The module gives visibility into which security best practices are adopted in your environment and warns you of any configuration changes. Another advantage of MDR is that it detects and responds to security alarms 24 hours a day, seven days a week.


Paul Syverson