A phishing campaign has been discovered that leverages brand names to trick victims into giving up Microsoft Office 365 credentials.
The scoop
MS Office 365 has become a lucrative target for threat actors due to its increasing adoption by the corporate sector. In the latest attack, the attackers exploited an Adobe Campaign redirection mechanism, using a Samsung domain to redirect targets to an Office 365-themed phishing website.
NOTE: Neither Samsung nor Adobe was compromised in the sense of a vulnerability being exploited. Samsung’s Adobe Campaign server was left open to managing campaigns that were not part of the organization’s own marketing campaigns.
How did the attackers bypass security?
- Using an Oxford email server to send the spam bypassed sender reputation filters.
- Links in the email pointed to a high-reputation domain owned by Samsung.
- Multiple redirects led to a completely obfuscated phishing page.
The bottom line is that although the campaign was short-lived, the actors developed their redirection tactics to be independent of any particular domain and of the Adobe Campaign servers. It is recommended that organisations use cloud and mail security measures to avert these types of attacks.
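One mail-security check that fits this redirection tactic is to judge a link by where its redirect chain lands rather than by the reputation of its first hop. The sketch below is an added example, not taken from the original report; the hosts, the redirect map and the allow-list are constructed placeholders standing in for the redirect responses a link scanner would record.

```python
from urllib.parse import urlsplit

# Constructed data: each key redirects to its value, standing in for the
# Location header a scanner would record. All hosts are placeholders.
REDIRECTS = {
    "https://mail.trusted-brand.example/r/?id=1": "https://hop.hijacked-site.example/go",
    "https://hop.hijacked-site.example/go": "https://login.landing-page.example/o365",
    "https://www.trusted-brand.example/promo": "https://shop.trusted-brand.example/summer",
}
TRUSTED_SUFFIXES = ("trusted-brand.example",)  # hypothetical reputation allow-list
MAX_HOPS = 5


def host(url):
    return (urlsplit(url).hostname or "").lower()


def is_trusted(hostname):
    # Match the domain itself or a true subdomain, never a bare string suffix.
    return any(hostname == s or hostname.endswith("." + s) for s in TRUSTED_SUFFIXES)


def resolve_chain(url, redirects=REDIRECTS, max_hops=MAX_HOPS):
    """Follow recorded redirects, stopping on a loop or after max_hops."""
    chain = [url]
    while chain[-1] in redirects and len(chain) <= max_hops:
        nxt = redirects[chain[-1]]
        looped = nxt in chain
        chain.append(nxt)
        if looped:
            break
    return chain


def assess_link(url, redirects=REDIRECTS):
    chain = resolve_chain(url, redirects)
    hosts = [host(u) for u in chain]
    reasons = []
    if is_trusted(hosts[0]) and not is_trusted(hosts[-1]):
        reasons.append("trusted first hop lands on untrusted host")
    if len(set(hosts)) > 2:
        reasons.append("chain crosses more than two hosts")
    if chain[-1] in redirects:
        reasons.append("chain not fully resolved (loop or hop limit)")
    return {"landing": hosts[-1], "hops": len(chain) - 1, "reasons": reasons}
```

A link with an empty `reasons` list stays inside the trusted domain; any entry means the first hop's reputation should not be credited to the message.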