Microsoft Disrupts Large-Scale, Cloud-Based BEC Campaign (Security News, June 2021)
Threat hunters at Microsoft recently uncovered and disrupted infrastructure that powered a large-scale business email compromise campaign.
"The emails originated from an external cloud provider's address space."
The automated tasks included adding the forwarding rules, monitoring compromised mailboxes, identifying the most valuable victims and processing the forwarded emails, according to Microsoft.
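The forwarding rules mentioned above are the artifact a defender can hunt for. The following Python script is an added example, not code from Microsoft or from the article: it scans audit-log-style records for operations that create or change mailbox forwarding, flags any rule whose target lies outside the organisation's own domains, and notes when the rule also deletes the forwarded copy (the pattern that keeps the victim from noticing). The record shape loosely mimics Microsoft 365 unified audit log entries, the operation and parameter names are real Exchange Online cmdlet/parameter names, and all sample records, addresses and the internal domain list are constructed for this example.

```python
"""Hunt for BEC-style mailbox forwarding rules in audit-log records.

Added example. The input loosely mimics Microsoft 365 unified audit log
records (Operation / UserId / Parameters); every record below is constructed.
"""
from __future__ import annotations

import json
from typing import Optional

# Assumption for this example: mail to these domains stays inside the org.
INTERNAL_DOMAINS = {"contoso.example"}

# Exchange Online audit operations that can create or alter forwarding.
FORWARDING_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "UpdateInboxRules", "Set-Mailbox"}

# Parameters that carry a forwarding/redirect destination (tuple keeps order stable).
FORWARD_PARAMETERS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                      "ForwardingSmtpAddress", "ForwardingAddress")

# Constructed sample records (not real log data).
SAMPLE_RECORDS = [
    {"CreationTime": "2021-06-01T08:12:03", "Operation": "New-InboxRule",
     "UserId": "victim@contoso.example", "ClientIP": "203.0.113.10",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "ForwardTo", "Value": "drop-box@mail-example.test"},
                    {"Name": "DeleteMessage", "Value": "True"}]},
    {"CreationTime": "2021-06-01T09:40:17", "Operation": "Set-Mailbox",
     "UserId": "admin@contoso.example", "ClientIP": "198.51.100.5",
     "Parameters": [{"Name": "Identity", "Value": "finance@contoso.example"},
                    {"Name": "ForwardingSmtpAddress", "Value": "smtp:finance-archive@contoso.example"}]},
    {"CreationTime": "2021-06-02T14:05:44", "Operation": "Set-InboxRule",
     "UserId": "cfo@contoso.example", "ClientIP": "203.0.113.22",
     "Parameters": [{"Name": "Identity", "Value": "Invoices"},
                    {"Name": "SubjectContainsWords", "Value": "invoice"},
                    {"Name": "ForwardTo", "Value": "x@example.net; y@contoso.example"}]},
    {"CreationTime": "2021-06-02T14:06:01", "Operation": "MailItemsAccessed",
     "UserId": "cfo@contoso.example", "ClientIP": "203.0.113.22", "Parameters": []},
]


def parse_addresses(value: str) -> list[str]:
    """Split a ';' or ','-separated address list and drop any 'smtp:' prefix."""
    out = []
    for part in value.replace(",", ";").split(";"):
        addr = part.strip().lower()
        if addr.startswith("smtp:"):
            addr = addr[len("smtp:"):]
        if "@" in addr:
            out.append(addr)
    return out


def is_external(addr: str) -> bool:
    """True when the address domain is not one of the org's own domains."""
    return addr.rsplit("@", 1)[-1] not in INTERNAL_DOMAINS


def analyze_record(rec: dict) -> Optional[dict]:
    """Return a finding for a record that forwards mail externally, else None."""
    if rec.get("Operation") not in FORWARDING_OPERATIONS:
        return None
    params = {p["Name"]: str(p["Value"]) for p in rec.get("Parameters", [])}
    targets: list[str] = []
    for name in FORWARD_PARAMETERS:
        if name in params:
            targets.extend(parse_addresses(params[name]))
    external = [t for t in targets if is_external(t)]
    if not external:
        return None
    deletes_copy = params.get("DeleteMessage", "").lower() == "true"
    return {
        "time": rec.get("CreationTime"),
        "user": rec.get("UserId"),
        "client_ip": rec.get("ClientIP"),
        "operation": rec["Operation"],
        "external_targets": external,
        "deletes_copy": deletes_copy,
        # A rule that both forwards out and deletes the local copy is the classic BEC setup.
        "severity": "high" if deletes_copy else "medium",
    }


def audit(records: list[dict]) -> list[dict]:
    """Run analyze_record over every record and collect the findings in log order."""
    return [f for f in (analyze_record(r) for r in records) if f is not None]


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_RECORDS), indent=2))
```

In practice the records would come from an export of the unified audit log, and the internal domain set from the tenant's accepted domains; the internal-only Set-Mailbox record in the sample shows why the domain check, rather than the mere presence of a forwarding parameter, is what separates routine administration from exfiltration.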
"We observed the activities from IP address ranges belonging to an external cloud provider, and then saw fraudulent subscriptions that shared common patterns in other cloud providers, giving us a more complete picture of the attacker infrastructure," researchers explained.
"BEC attacks unfortunately can stay undetected until they cause real monetary loss because of limited or partial visibility provided by security solutions that don't benefit from comprehensive visibility into email traffic, identities, endpoints and cloud behaviors, and the ability to combine together isolated events and deliver a more sophisticated cross-domain detection approach."
Researchers worked with Microsoft Threat Intelligence Center to report the findings to multiple cloud security teams, which suspended the offending accounts, resulting in the takedown of the infrastructure.
News URL
https://threatpost.com/microsoft-disrupts-cloud-bec-campaign/166937/
Related news
- Ransomware gang using stolen Microsoft Entra ID creds to bust into the cloud
- Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts
- Microsoft lost some customers' cloud security logs
- IcePeony and Transparent Tribe Target Indian Entities with Cloud-Based Tools