Phishers Using Azure Blog Storage to Host Phishing Forms with Legal Microsoft SSL License

Cybercriminals are utilizing Microsoft Azure Blog storage to host phishing forms. The site hosting the malevolent files has an authentic Microsoft SSL license which adds genuineness to the campaign. Similar methods have been used in the past for Dropbox phishing cheats and attacks that mimic other cloud storage platforms.

A usual phishing situation involves an electronic mail being transmitted with a button or hyperlink that the user is requested to tick to access a cloud-hosted file. When the link is clicked they are led to a website where they are needed to enter login identifications – Such as Office 365 identifications – to retrieve the file.

At this stage, the scam often falls down. Oftentimes the webpage that is visited seems strange, doesn’t begin with HTTPS, or the site has an illegal SSL certificate. Although visiting such a domain a large red flag will be raised. Nevertheless, if the user visits a usual looking domain and the SSL credential is legal and has been allotted to a trustworthy brand, the possibility of the user continuing and entering login identifications is far higher.

That is precisely the case with Azure blog storage. Although the domain might seem unknown, it’s a legal Windows domain finishing with .blob.core.windows.net and is safe with an SSL credential. An additional check will disclose that the certificate is legal and has been issued by Microsoft IT TLS CA 5. A genuine-looking Office 365 login form will emerge and identifications will need to be entered to get access to the document – electronic mail and password. This is likely to appear entirely reasonable since the user is retrieving a Microsoft document hosted on a Microsoft site.

Nevertheless, entering in identifications into the login box will see that information transmitted to a server managed by the attackers. The user will be informed that the document is being opened, even though they will be guided to a different Microsoft site. Although this is a red flag, by this time it is too late as the user’s identifications have already been thieved.

In this instance, it was Office 365 identifications that the attackers were trying to get, although the scam might similarly be conducted to get Azure identifications or other Microsoft logins.

Avoiding email-based phishing attacks is easiest with anti-phishing controls to safeguard the electronic mail gateway and avoid messages from reaching inboxes. An advanced spam filtering solution will make sure that the bulk of electronic mails are obstructed. Office 365 users must strongly consider extending Microsoft Office 365 with a third-party spam filter for better safety.

No anti-phishing solution will avoid all phishing electronic mails from reaching inboxes, so it is crucial for workers to be taught safety best practices and to get specific anti-phishing training. Besides providing training on the most common phishing cheats, it is important for end users to be educated on phishing cheats that misuse cloud facilities and object store URLs to make sure cheats like this can be identified as such.