Microsoft Reports New Phishing Scam
Dark Web Links to 2022 Malicious Malware
Microsoft reported that its IT engineers have discovered a recent phishing scam launched by dark web hackers. The tech giant shared its finding in a report that elaborates on the malicious virus. According to the report, the malware employs a new kind of strategy that easily infiltrates and duplicates on its victims’ network.
The shared insights further state that the infectious virus’s unique strategy involves registering the victim’s computer network to the dark web hackers’ scamming devices. Additionally, the newly detected phishing campaign then employs a unique technique that helps it to further spread and remain undetected by Multi Factor Authentication.
New Phishing Virus Evades MFA
The Microsoft research team discovery was documented in a blog post titled Unique Phishing Strategy Registers Attacker’s Device To Victim Network Elaborating. In addition, the highly trained research team shared critical details about how the virus infection utilizes a phased strategy to spread throughout the infected network system.
Furthermore, Microsoft’s 365 Defender Threat Intelligence Team highlighted the new dark web phishing attack particular technique. The research analysts revealed the scam main targets are technology network systems without the requisite multi-factor authentication (MFA).
Easily Register Stolen Credentials
Without the security feature of multifaceted authentication, the new phishing scam takes advantage of the victim’s network through multiple phases. This technique described further by the Microsoft technical team particularly proves to be successful with the bring-your-own-device (BYOD) concept. Thus, enhancing the phishing scam; it provides the pathway to register stolen credentials on unprotected devices.
Microsoft warned that companies should invest in having their computer networks protected by Multi-function Authentication protocols. With MFA sufficiently enabled the phishing scam can be averted as stolen credentials cannot be registered by the dark web hackers devices.
Phishing Scam Attacks in Phases
Reportedly, the dark web hackers exploit campaign has two phases to attacks, which work together to steal the credentials of targeted system networks. The researchers revealed that the phishing scam has evolved in a global attack on Internet businesses. Currently, it has been tracked tp several countries inclusive of Thailand, Indonesia, Singapore, and Australia.
In phase one, after the identity information is stolen, the second phase of the phishing scam is released by the dark web hackers. With that, the second phase of the malware registered the hackers chosen device to the infiltrated network system, without leaving a trace behind.
The tech company also warned that the hackers find their victims through emails that redirect to phishing webpages that steal the private credentials. Additionally, the scammers’ fake phishing pages are duplicated as Office 365 login pages.
In conclusion, Microsoft warned online businesses to enable MFA protection on their network systems. Also, individuals must reset old passwords to prevent being an easy target of new 2022 phishing, and malware threats.