Security News > 2021 > June > Microsoft Disrupts Large-Scale BEC Campaign
Microsoft today announced it disrupted a large-scale business email compromise campaign in which the attackers used forwarding rules to access messages related to financial transactions.
The attackers used a large cloud-based infrastructure for the campaign, to automate operations at scale, including the monitoring of compromised mailboxes, the creation of forwarding rules, identifying valuable victims, and processing the forwarded emails.
According to Microsoft, the attackers attempted to hide the scale of their operation by making it look as if the attacks were not connected to one another.
"The use of attacker infrastructure hosted in multiple web services allowed the attackers to operate stealthily, characteristic of BEC campaigns. The attackers performed discrete activities for different IPs and timeframes, making it harder for researchers to correlate seemingly disparate activities as a single operation," Microsoft notes.
"Business email compromise is a constant threat to enterprises. [] BEC attacks are very stealthy, with attackers hiding in plain sight by blending into legitimate traffic using IP ranges with high reputation and by conducting discrete activities at specific times and connections," Microsoft says.
Although the campaign generated very low signals to make it difficult to identify within the usual noise of corporate network traffic, these attacks could have been prevented through the use of multi-factor authentication, which would have prevented the attackers from logging into the compromised mailboxes, the tech giant says.