Microsoft Tailing Dynamically Generated Email Infrastructure

Microsoft has recently released a report on two segments of a new email infrastructure that is used to send more than a million malware-laden emails each month. This infrastructure, which appears to have filled the gap left by the disruption of the Necurs botnet, has been used to deliver at least seven different types of malware.

Emerging attacker email infrastructure

The emergence of this infrastructure dates back to March and April 2020. Since then, Microsoft has observed and analyzed this email infrastructure consisting of two segments named StrangeU and RandomU.

  • The StrangeU (domains containing the word "strange") and RandomU (randomly generated domain names) infrastructure has mostly targeted victims in the financial services, healthcare, and wholesale distribution sectors, located in Australia, the USA, and the U.K.
  • The infrastructure has delivered everything from commodity malware such as Makop and Mondfoxia to persistent malware including Trickbot, Dofoil, Emotet, Dopplepaymer, and Dridex, and has been aimed mainly at corporate email accounts while avoiding consumer accounts.
  • However, according to Microsoft, the fundamentals of gaining initial access have remained the same: the core tactics and tools are still spear-phishing emails, fake alerts, emergency notifications, and topical lures.
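The two naming patterns above lend themselves to a simple gateway-side check. The following is an added example, not code from Microsoft's report: it scans constructed mail-gateway log lines (the log format and sender domains are invented) and flags sender domains that contain the word "strange" or whose registrable label looks randomly generated, using an assumed entropy and vowel-ratio heuristic rather than any detection logic from the report.

```python
import math
import re
from collections import Counter
from typing import List, Optional, Tuple

# Constructed sample gateway log lines (not taken from the Microsoft report);
# the sender domains are invented to mimic the two naming patterns described.
SAMPLE_LOG = """\
2021-03-02T10:14:01Z accepted from=billing@contoso-invoices.com rcpt=ap@example.org
2021-03-02T10:14:07Z accepted from=alerts@strangeoffice.xyz rcpt=hr@example.org
2021-03-02T10:14:09Z accepted from=notice@qz7kd3vbx2.top rcpt=finance@example.org
2021-03-02T10:14:15Z accepted from=news@example.com rcpt=it@example.org
"""

FROM_RE = re.compile(r"from=\S+@([A-Za-z0-9.-]+)")
VOWELS = set("aeiou")


def shannon_entropy(label: str) -> float:
    """Bits per character of a label; random strings score near log2(len)."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def classify_sender_domain(domain: str, entropy_threshold: float = 3.2) -> Optional[str]:
    """Assumed heuristics, not Microsoft's own detection logic:
    'StrangeU' if the domain contains the word 'strange';
    'RandomU' if the registrable label is long, high-entropy and vowel-poor."""
    d = domain.lower()
    if "strange" in d:
        return "StrangeU"
    labels = d.split(".")
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    letters = [ch for ch in sld if ch.isalpha()]
    vowel_ratio = sum(ch in VOWELS for ch in letters) / len(letters) if letters else 0.0
    if len(sld) >= 8 and shannon_entropy(sld) >= entropy_threshold and vowel_ratio < 0.25:
        return "RandomU"
    return None


def flag_log(log_text: str) -> List[Tuple[str, str]]:
    """Scan log lines and return (sender_domain, pattern) for suspicious senders."""
    hits = []
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if m:
            verdict = classify_sender_domain(m.group(1))
            if verdict:
                hits.append((m.group(1), verdict))
    return hits


if __name__ == "__main__":
    for domain, pattern in flag_log(SAMPLE_LOG):
        print(f"{domain}: matches {pattern} naming pattern")
```

The entropy threshold is deliberately conservative so that long legitimate names such as contoso-invoices (entropy about 3.0 bits per character) are not flagged; tune it against your own sender baseline before alerting on it.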

Recent email-based attacks

In the past few months, several attack campaigns have been observed leveraging email infrastructure to target potential victims.

  • Last month, scammers were observed exploiting loopholes in Microsoft 365 read receipts and out-of-office replies to target their victims.
  • In the same month, attackers hijacked the email security connections authenticated by a Mimecast-issued certificate, which some of the firm's products use to authenticate to Microsoft 365 Exchange Web Services, with the aim of spying on targets.

Wrapping up

The use of innovative tactics such as dynamic domain-name generation for email infrastructure suggests that cybercriminals are investing regularly in improving their email-based attack tactics. At the same time, attackers keep relying on familiar malicious techniques, such as emails carrying malicious links or attachments, to gain initial access to systems. This underscores the urgent need to tighten email security across organizational networks.

Source: https://cyware.com/news/microsoft-tailing-dynamically-generated-email-infrastructure-4c9c2351

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO