Security News > 2021 > February > Microsoft Office 365 Attacks Sparked from Google Firebase
A phishing campaign bent on stealing Microsoft login credentials is using Google Firebase to bypass email security measures in Microsoft Office 365, researchers said.
Clicking the thumbnail or "View File" link leads to the final phishing page, asking victims to log in with their Microsoft credentials, and asks them to provide alternate email addresses or phone numbers - an effort to collect data that could be used to get around two-factor authentication or account recovery mechanisms.
"Microsoft assigned a Spam Confidence Level of '1' to this email, which meant that Microsoft did not determine the email as suspicious and delivered it to end-user mailboxes."
Interestingly, by hosting the phishing page HTML on Google Firebase, an inherently trusted domain, the emails were able to nip past built-in Microsoft security filters, including Exchange Online Protection and Microsoft Defender for Office 365.
Firebase has been leveraged in previous attacks; for instance, last year a series of phishing campaigns using Google Firebase storage URLs surfaced, showing that cybercriminals continue to leverage the reputation of Google's cloud infrastructure to dupe victims and skate by secure email gateways.
For better protection against email-borne threats, employees should be trained to engage with emails related to money and data with an "Eye test" that includes inspecting the sender name, sender email address, language within the email and any logical inconsistencies within the email, according to Armorblox.
News URL
https://threatpost.com/microsoft-office-365-attacks-google-firebase/163666/
Related news
- Microsoft Office LTSC 2024 preview available for Windows, Mac (source)
- Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw (source)
- Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Google Chrome Adds V8 Sandbox - A New Defense Against Browser Attacks (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days (source)
- Kaiser Permanente handed over 13.4M people's data to Microsoft, Google, others (source)
- New Latrodectus malware attacks use Microsoft, Cloudflare themes (source)
- Microsoft warns of "Dirty Stream" attack impacting Android apps (source)