Security News > 2022 > February > Cyberattackers Leverage DocuSign to Steal Microsoft Outlook Logins

A sophisticated phishing campaign directed at a "Major, publicly traded integrated payments solution company located in North America" made use of DocuSign and a compromised third party's email domain to skate past email security measures, researchers said.

The campaign spread seemingly innocuous emails around the company, with the goal of stealing Microsoft login credentials, researchers at Armorblox revealed.

The phishing emails successfully evaded traditional email security measures in part because they came from a domain belonging to Term Insurance Brokers.

Microsoft's Spam Confidence Level - a measure of the perceived legitimacy of any given email - assigned these malicious emails a score of '-1.' In SCL, -1 is the lowest possible score, allowing a message to skip filtering because it "Is from a safe sender, was sent to a safe recipient or is from an email source server on the IP Allow List.".

In the first three months of 2021 alone, researchers found 7 million malicious emails sent from Microsoft 365 and a staggering 45 million sent from Google's cloud services and infrastructure, Proofpoint reported, adding that cybercriminals have used the likes of Office 365, Azure, OneDrive, SharePoint, G-Suite and Firebase storage to send phishing emails and host attacks.

In an email to Threatpost, Lauryn Cash, product marketing manager at Armorblox, highlighted integrated cloud email security - a cloud- and AI-based method of identifying anomalous emails - as a weapon to support existing email security tools: "Tools that leverage natural language understanding can help stop zero-day attacks." NLU is the ability of a computer to interpret meaning from human language.

News URL

https://threatpost.com/cyberattackers-docusign-steal-microsoft-outlook-logins/178613/