2021-06-15

Microsoft revealed this Tuesday (15) that its Digital Crimes Unit managed to shut down the operation of a criminal group that used cloud infrastructure to steal corporate emails. According to the company, attackers used services offered by the largest operators in the area to compromise accounts through phishing and gain access to financial transactions from there.

According to the company’s researchers, the infrastructure used in the attacks was hosted on several cloud services. Thus, criminals were able to act stealthily, using different IP addresses and time slots. In this way, what seemed to be a single action was actually carried out by several distinct groups.

The company says such attacks are difficult to detect because they often go unnoticed by inbox filters. According to the FBI, in 2020 alone cybercriminals obtained more than $1.8 billion using such methods, in actions that generated 19,369 complaints within the United States.

To achieve its goals, Microsoft’s Digital Crimes Unit investigated the forwarding rules set up by criminals and the fake login pages that were used to carry out password theft. The company claims to be ready to deal with the problem thanks to the infrastructure of Office 365 and Azure, and recommends that users always enable two-step authentication to avoid falling victim to scams of this nature.

After detecting the criminals’ behavior and discovering the way they operated, the company contacted the providers of the cloud services they used. After being alerted, the providers banned the criminal accounts, which caused the entire infrastructure set up for the theft of credentials to go down.

Microsoft Teams had serious security flaw

Also on Tuesday (15), Microsoft announced that it has already fixed a serious security hole related to Microsoft Teams. The problem allowed attackers to gain access to conversation histories, email addresses and other information shared through platforms such as OneDrive and SharePoint.

Responsible for the discovery, researchers at security firm Tenable say the flaw also allowed an attacker to take full control of Microsoft 365 accounts. As a result, criminals could send phishing emails to other people and carry out a series of secondary attacks with great destructive potential.

The flaw in question was in Power Apps, a product created to facilitate application development. By manipulating the tool’s trusted address, scammers could generate fake links that compromise any Teams user who clicked on them. Tenable warns that the number of access tokens the vulnerability has exposed indicates that other attacks, not detected by its analysis, may be carried out.

Although dangerous, the vulnerability could only be exploited by those who had the authority to create tabs in Power Apps, meaning that it could not be used by third parties. There is no evidence that it was used in a scam, and the update released by Microsoft has already been applied to all consumers using Teams.