Fake Google- and Microsoft-branded websites meant to trick users into giving away their login credentials accounted for the bulk of form-based cyberattacks detected by Barracuda Networks in the last four months.
Out of the 100,000 form-based attacks detected by the cybersecurity firm between January 1 and April 30, Google file sharing and storage websites were used in 65% of the cases, accounting for 4% of all spear-phishing attacks in the first four months of 2020.
The report shows that 25% of attacks used storage.googleapis.com, 23% used docs.google.com, 13% used storage.cloud.google.com and 4% used drive.google.com for impersonation.
On the other hand, Microsoft brands accounted for 13% of the attacks. Microsoft’s onedrive.live.com was involved in 6% of attacks, sway.office.com in 4% of attacks and forms.office.com in 3% of attacks.
The other leading websites used in impersonation attacks include sendgrid.net (10%), mailchimp.com (4%), and formcrafts.com (2%).
In addition to impersonating legitimate file-sharing sites such as OneDrive to take targets to a phishing site, attackers also used legitimate services like forms.office.com to create fake online forms. By entering their credentials, targets would end up giving away control of their legitimate accounts to attackers.
Another method used by attackers to get access to accounts without seeking passwords involves fake login pages requesting an access token for an app.
After a user tries to log in using their credentials, they are presented with a list of app permissions to accept. If they accept the permissions, the attacker gains access to their login credentials and, through that, unfettered access to their accounts.
All these malicious sites are being distributed through phishing emails, many of which pretend to be disseminating information on covid-19.
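As an added illustration (not part of the Barracuda report), the Python sketch below pulls links out of an inbound message and flags those hosted on the services the report names, so that they can be queued for closer review. The sample message and the `.test`/`.org` addresses in it are constructed, and a hit is only a review signal, because these are legitimate services that also carry ordinary business traffic.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Hosts the report names as used in form-based attacks.
REPORTED_HOSTS = {
    "storage.googleapis.com", "docs.google.com", "storage.cloud.google.com",
    "drive.google.com", "onedrive.live.com", "sway.office.com",
    "forms.office.com", "sendgrid.net", "mailchimp.com", "formcrafts.com",
}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

def match_reported_host(url):
    """Return the reported host a URL sits on (exact or subdomain), else None."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    for reported in REPORTED_HOSTS:
        # Compare parsed hostnames, never substrings of the whole URL.
        if host == reported or host.endswith("." + reported):
            return reported
    return None

def flag_links(raw_message):
    """Return sorted (reported_host, url) pairs found in a message's text parts."""
    msg = message_from_string(raw_message)
    hits = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            url = url.rstrip(".,;")  # drop trailing sentence punctuation
            reported = match_reported_host(url)
            if reported:
                hits.add((reported, url))
    return sorted(hits)

# Constructed sample message (not a real e-mail).
SAMPLE = """\
From: "IT Helpdesk" <helpdesk@example.test>
Subject: covid-19 policy update - action required

Review the updated policy: https://forms.office.com/r/EXAMPLE123
Mirror copy: https://storage.googleapis.com.example.test/doc.html
Company site: https://www.example.org/policies.
"""

if __name__ == "__main__":
    for host, url in flag_links(SAMPLE):
        print(f"review: {url} (hosted on {host})")
```

The second link in the sample only embeds a reported name as a prefix of another domain, so it is not attributed to that service; a separate lookalike-domain check would be needed to catch it.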
“The attacks are taking advantage of the heightened focus on covid-19 to distribute malware, steal credentials, and scam users out of money. While phishing tactics are common in nature, this is a new kind of form-based attack that our researchers have been steadily detecting throughout the beginning of the year,” Murali Urs, Country Manager, India of Barracuda Networks said in a statement.
Urs expects the numbers to grow in the coming months as attackers are successfully able to harvest credentials with these attacks. It is now up to businesses to establish solutions that stop attackers from bypassing email gateways and spam filters, and that track suspicious IPs.
Given that brand impersonation attacks cannot be easily eliminated, researchers at Barracuda Networks feel that organizations must come up with solutions which use machine learning (ML) to analyze normal communication patterns instead of looking for malicious links or attachments.
Organizations should also encourage adoption of multi-factor authentication and other forms of security such as authentication codes and fingerprint- or retina-based biometrics.