
Attackers Pose as Zoom to Steal Microsoft Credentials

Cyber-thieves are impersonating videoconferencing platform Zoom to steal victims' Microsoft credentials.

New research published today by Abnormal Security revealed that Zoom users are being targeted with fake notification emails that contain malicious links. 

Describing the conceit, researchers said: "This attacker impersonates Zoom by crafting a convincing email and landing page that mimics meeting notifications from Zoom. The email masquerades as an automated notification stating that the user has recently missed a scheduled meeting and implores the user to visit the link for more details and a recording of the meeting."

When the user clicks on the legitimate-looking Zoom link, they are taken to a fake Microsoft login page with the name of the user’s organization and "Zoom" above the sign-in location.

"This indicates that the attackers are more interested in the user’s Microsoft credentials, which can be used to access a larger trove of sensitive information," concluded researchers.

The attack was observed across several organizations, with elements such as usernames customized for each recipient.

While the attackers attempted to cover their tracks by making it appear as though the malicious notifications were stemming from multiple sources, researchers picked up on tell-tale signs that indicate they were linked. 

"Although the attackers are trying to disguise their location by using many different VPN sources, the messages all look similar, were sent during a short, discrete time period, and use the same VPN services, which leads us to believe that these are coordinated attacks by the same malicious actor," wrote researchers. 

Asked how sophisticated this attack was on a scale of one to ten, with ten being the most sophisticated, Abnormal Security's VP of cybersecurity strategy, Ken Liao, rated it a six. 

"Our models picked up on the abnormalities of the email, found in the 'Techniques to Detect' image on our blog, which included suspicious features like suspicious IP geolocation as well as unusual sender," Liao told Infosecurity Magazine. "However, the attacker created links with the brand name and customized landing pages for each organization they targeted, so there was some tailoring of the attacks to the specific targets."
