Phishing, Threat Intelligence
Ongoing Microsoft 365 Direct Send phishing campaign primarily aimed at US

Over 70 organizations across all business verticals, most of them in the U.S., have been subjected to a phishing campaign that exploits Microsoft 365's Direct Send feature for stealth and has been underway since last month, reports BleepingComputer.
Most of the attacks have been aimed at the financial services sector, followed by manufacturing, construction/engineering, and healthcare/insurance, according to an analysis from the Varonis Managed Data Detection and Response team. Attackers have leveraged targeted organizations' smart hosts to launch a PowerShell script that delivers malicious emails via Direct Send. The messages purport to be voicemail or fax notices and include PDF attachments that lure targets into scanning a QR code, which redirects to a counterfeit Microsoft login form. Other emails have been sent using a Ukrainian IP address or an internal email address. Such intrusions should prompt the activation of Exchange Admin Center's "Reject Direct Send" setting and anti-spoofing policies, as well as robust DMARC policy adoption, said Varonis.