Microsoft: Business email compromise attacks can take just hours
Security News, March 2023

Microsoft's Security Intelligence team recently investigated a business email compromise (BEC) attack and found that attackers move rapidly, with some steps taking mere minutes.
BEC attacks are a type of cyberattack where the attacker gains access to an email account of the target organization through phishing, social engineering, or buying account credentials on the dark web.
In the case Microsoft investigated, the attacker logged in to the victim's account on January 5, 2023, and spent two hours searching the mailbox for good email threads to hijack.
Microsoft 365 Defender generated a warning about BEC financial fraud 20 minutes after the threat actor deleted the sent email, and automatically disrupted the attack by disabling the user's account.
"In our testing and evaluation of BEC detections and actions in customer environments faced with real-world attack scenarios, dozens of organizations were better protected when accounts were automatically disabled by Microsoft 365 Defender," claims Microsoft.
Microsoft says its security product has disrupted 38 BEC attacks targeting 27 organizations using high-confidence eXtended Detection and Response signals across endpoints, identities, email, and SaaS apps.