Microsoft shuts down cybercrime domains using COVID-19 related lures

Kareem Anderson

While physical crime has seen a stark decrease since the COVID-19 pandemic began, digital crime seems to have remained relatively unscathed.

To that point, the U.S. District Court for the Eastern District of Virginia has released details regarding Microsoft’s ongoing work to help curb cybercrime that leverages COVID-19 fears to defraud unsuspecting digital patrons.

Microsoft’s Digital Crimes Unit (DCU) has worked across 62 countries around the world to prevent sophisticated phishing schemes attempting to compromise Microsoft customer accounts.

The criminals attempted to gain access to customer email, contact lists, sensitive documents, and other valuable information. Based on patterns discovered at that time, Microsoft utilized technical means to block the criminals’ activity and disable the malicious application used in the attack. Recently, Microsoft observed renewed attempts by the same criminals, this time using COVID-19-related lures in the phishing emails to target victims.

As Microsoft reports, when the scheme first originated, the emails “contained deceptive messages associated with generic business activities,” but they eventually evolved to include COVID-19-related messaging.

When the lure succeeded, the customer was shown a prompt instructing them to allow a malicious web app access to their Microsoft Office 365 account. Granting that access ultimately gave the criminals free rein over emails, contact lists, cloud storage, notes, files, and SharePoint management.
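For defenders, the app consent described above can be reviewed after the fact. The following is an added example, not code from Microsoft or from this article: it triages delegated permission grants for the data types listed above. The grant fields follow Microsoft Graph's `oauth2PermissionGrant` resource; the app inventory shape, the scoring weights, the threshold and all sample records are assumptions constructed for illustration.

```python
# Delegated Microsoft Graph scopes mapped to the data types the article lists.
HIGH_RISK_SCOPES = {
    "Mail.Read": "email", "Mail.ReadWrite": "email", "Mail.Send": "email",
    "Contacts.Read": "contacts", "Contacts.ReadWrite": "contacts",
    "Files.Read.All": "files", "Files.ReadWrite.All": "files",
    "Notes.Read.All": "notes", "Notes.ReadWrite.All": "notes",
    "Sites.Manage.All": "sharepoint", "Sites.FullControl.All": "sharepoint",
}

# Constructed sample data. Grant fields follow oauth2PermissionGrant; the app
# inventory (name, verified_publisher) is a hypothetical simplified shape.
SAMPLE_APPS = {
    "app-0001": {"name": "Doc Viewer (constructed)", "verified_publisher": False},
    "app-0002": {"name": "Sign-in helper (constructed)", "verified_publisher": True},
    "app-0003": {"name": "Mail client (constructed)", "verified_publisher": True},
}
SAMPLE_GRANTS = [
    {"clientId": "app-0001", "consentType": "Principal", "principalId": "user-a",
     "scope": "offline_access Mail.ReadWrite Contacts.Read Files.ReadWrite.All Notes.Read.All"},
    {"clientId": "app-0002", "consentType": "Principal", "principalId": "user-b",
     "scope": "openid profile User.Read"},
    {"clientId": "app-0003", "consentType": "Principal", "principalId": "user-c",
     "scope": "Mail.Read offline_access"},
]

def score_grant(grant, apps):
    """Return (score, reasons) for one delegated permission grant."""
    scopes = grant["scope"].split()
    categories = sorted({HIGH_RISK_SCOPES[s] for s in scopes if s in HIGH_RISK_SCOPES})
    if not categories:
        return 0, []
    score, reasons = len(categories), ["data access: " + ", ".join(categories)]
    if "offline_access" in scopes:  # refresh tokens outlive the user's session
        score += 1
        reasons.append("offline_access: refresh tokens keep access alive")
    if not apps.get(grant["clientId"], {}).get("verified_publisher", False):
        score += 2
        reasons.append("publisher not verified or app unknown")
    return score, reasons

def review(grants, apps, threshold=3):
    """List grants scoring at or above threshold (assumed weights), worst first."""
    findings = []
    for g in grants:
        score, reasons = score_grant(g, apps)
        if score >= threshold:
            findings.append({"clientId": g["clientId"], "principalId": g["principalId"],
                             "score": score, "reasons": reasons})
    return sorted(findings, key=lambda f: f["score"], reverse=True)
```

A flagged grant is remediated by revoking the consent and disabling the app; resetting the user's password alone does not remove permissions already granted to an app.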

According to the Internet Crime Complaint Center (IC3), cases of business email compromise (BEC), such as this new phishing scheme, accounted for over $1.7 billion in losses in 2019 and represented nearly half of all financial cybercrime losses.

Microsoft’s recent civil case win now allows the company to “seize control of key domains in the criminals’ infrastructure so that it can no longer be used to execute cyberattacks.”

Microsoft has managed to plug one hole, but the company’s DCU division knows its work is only going to get more sophisticated as cybercrime evolves.