A vast phishing campaign targeted millions of Microsoft's Office 365 users with attempted hacks in a single week. The National
A vast phishing campaign targeted millions of Microsoft's Office 365 users with attempted hacks in a single week. The National
A vast phishing campaign targeted millions of Microsoft's Office 365 users with attempted hacks in a single week. The National
A vast phishing campaign targeted millions of Microsoft's Office 365 users with attempted hacks in a single week. The National

Business

Microsoft users in 'a variety of industries' targeted in huge phishing campaign

Hackers started using malicious attachments with standard business terms as filenames, but recently updated them to link to the Covid-19 pandemic

Bloomberg

July 07, 2020

  • English
  • Arabic

Microsoft customers were targeted in a massive phishing campaign that has sought to defraud users in 62 countries since December. Recently, the malicious emails have evolved to capitalize on the pandemic, according to Microsoft.

The attack “targeted business leaders across a variety of industries, attempting to compromise accounts, steal information and re-direct wire transfers,” Microsoft said Tuesday in a blog post. The campaign was vast, hitting millions of Microsoft Office 365 users with attempted hacks in a single week, the company said.

Microsoft was able to disrupt the scheme through a recent court ruling, which allowed the company to take over domains used by the cyber criminals and prevent them from being used for cyber attacks, according to the post.

The phishing attacks were executed by hackers who posed as employers and other trusted senders in emails that were sent to users of Office 365. The messages contained attachments that, when clicked, prompted users to grant access to a web application that resembled those “widely used in organisations”. However, in this case, the “familiar-looking” applications were malicious and granting access let cyber attackers into users’ Office 365 accounts, according to the company.

“The criminals attempted to gain access to customer email, contact lists, sensitive documents and other valuable information,” the blog said.

In the early part of the hacking campaign, the attachments had titles related to standard business terms, such as “Q4 Report – Dec19”. However, the hackers recently renewed their phishing efforts using attachment names related to the pandemic, such as “Covid-19 Bonus,” according to Microsoft.

Coronavirus-themed phishing attacks have become so pervasive in recent months that the US and UK governments warned about their growing use. For example, in March, the number of attempted phishing emails sent by criminals and state-linked actors more than quadrupled amid the spreading virus, the cyber security firm FireEye reported. Moreover, this spring, a barrage of cyberscams and hacking attempts related to the virus hit remote workers as criminals sought to profit from the pandemic.

Microsoft declined to say how many users were sent phishing emails by the attackers, or how many of those emails were successful in tricking users into opening their malicious payload. The company also didn’t comment on potential suspects for the phishing campaign, beyond ruling out the possibility that the criminals were sponsored by a nation state.

On Women's Day
UAE tour of Zimbabwe

All matches in Bulawayo
Friday, Sept 26 – UAE won by 36 runs
Sunday, Sept 28 – Second ODI
Tuesday, Sept 30 – Third ODI
Thursday, Oct 2 – Fourth ODI
Sunday, Oct 5 – First T20I
Monday, Oct 6 – Second T20I

'Falling%20for%20Christmas'
%3Cp%3EDirector%3A%20Janeen%20Damian%3Cbr%3E%3Cbr%3EStars%3A%20Lindsay%20Lohan%2C%20Chord%20Overstreet%2C%20Jack%20Wagner%2C%20Aliana%20Lohan%3Cbr%3E%3Cbr%3ERating%3A%201%2F5%3C%2Fp%3E%0A
More from Rashmee Roshan Lall
Terror attacks in Paris, November 13, 2015

- At 9.16pm, three suicide attackers killed one person outside the Atade de France during a foootball match between France and Germany- At 9.25pm, three attackers opened fire on restaurants and cafes over 20 minutes, killing 39 people- Shortly after 9.40pm, three other attackers launched a three-hour raid on the Bataclan, in which 1,500 people had gathered to watch a rock concert. In total, 90 people were killed- Salah Abdeslam, the only survivor of the terrorists, did not directly participate in the attacks, thought to be due to a technical glitch in his suicide vest- He fled to Belgium and was involved in attacks on Brussels in March 2016. He is serving a life sentence in France

Mercer, the investment consulting arm of US services company Marsh & McLennan, expects its wealth division to at least double its assets under management (AUM) in the Middle East as wealth in the region continues to grow despite economic headwinds, a company official said.

Mercer Wealth, which globally has $160 billion in AUM, plans to boost its AUM in the region to $2-$3bn in the next 2-3 years from the present $1bn, said Yasir AbuShaban, a Dubai-based principal with Mercer Wealth.

Within the next two to three years, we are looking at reaching $2 to $3 billion as a conservative estimate and we do see an opportunity to do so,” said Mr AbuShaban.

Mercer does not directly make investments, but allocates clients’ money they have discretion to, to professional asset managers. They also provide advice to clients.

“We have buying power. We can negotiate on their (client’s) behalf with asset managers to provide them lower fees than they otherwise would have to get on their own,” he added.

Mercer Wealth’s clients include sovereign wealth funds, family offices, and insurance companies among others.

From its office in Dubai, Mercer also looks after Africa, India and Turkey, where they also see opportunity for growth.

Wealth creation in Middle East and Africa (MEA) grew 8.5 per cent to $8.1 trillion last year from $7.5tn in 2015, higher than last year’s global average of 6 per cent and the second-highest growth in a region after Asia-Pacific which grew 9.9 per cent, according to consultancy Boston Consulting Group (BCG). In the region, where wealth grew just 1.9 per cent in 2015 compared with 2014, a pickup in oil prices has helped in wealth generation.

BCG is forecasting MEA wealth will rise to $12tn by 2021, growing at an annual average of 8 per cent.

Drivers of wealth generation in the region will be split evenly between new wealth creation and growth of performance of existing assets, according to BCG.

Another general trend in the region is clients’ looking for a comprehensive approach to investing, according to Mr AbuShaban.

“Institutional investors or some of the families are seeing a slowdown in the available capital they have to invest and in that sense they are looking at optimizing the way they manage their portfolios and making sure they are not investing haphazardly and different parts of their investment are working together,” said Mr AbuShaban.

Some clients also have a higher appetite for risk, given the low interest-rate environment that does not provide enough yield for some institutional investors. These clients are keen to invest in illiquid assets, such as private equity and infrastructure.

“What we have seen is a desire for higher returns in what has been a low-return environment specifically in various fixed income or bonds,” he said.

“In this environment, we have seen a de facto increase in the risk that clients are taking in things like illiquid investments, private equity investments, infrastructure and private debt, those kind of investments were higher illiquidity results in incrementally higher returns.”

The Abu Dhabi Investment Authority, one of the largest sovereign wealth funds, said in its 2016 report that has gradually increased its exposure in direct private equity and private credit transactions, mainly in Asian markets and especially in China and India. The authority’s private equity department focused on structured equities owing to “their defensive characteristics.”

While you're here
Read