Microsoft Explains That Malware Spotted on Windows Machines Has Gone Down Due to Major Security Improvements

Microsoft details three of the more cunning phishing operations discovered in 2019

According to a report, Microsoft has revealed three of the more dangerous phishing operations discovered in 2019. The company described the attacks in a recent blog post, stating that scammers attempt to obtain individuals' personal information through phishing tactics such as malicious emails and fake websites, going after users' money and information that can be used for identity theft. Protections against phishing have since improved and become incredibly effective, preventing billions of malicious phishing emails from reaching end users.

Cyber security researchers and experts at Office 365 Advanced Threat Protection have noticed malicious techniques involving the abuse of genuine cloud services such as those offered by Google, Amazon, Microsoft and others. The three case studies of cunning phishing operations are discussed below.

Case Study 1: URLs that point to legitimate but compromised websites

One such phishing attack used URLs to Google search results that were poisoned so that they pointed to an attacker-controlled page, which in turn redirected to a phishing webpage. The cyber crooks behind this attack used a traffic redirector to help make sure that the attacker-controlled page would always be at the top of search results for certain keywords. The threat actors also employed another cunning method to avoid discovery: they used location-specific search results, which would ultimately redirect to the controlled website.

Case Study 2: Abuse of 404 Error codes

One way threat actors behind phishing campaigns evade detection is by using multiple URLs and domains. Cyber security researchers explained that “Because the malformed 404 page is served to any non-existent URL in an attacker-controlled domain, the phishers could use random URLs for their campaigns. For example, we saw these two URLs used in phishing campaigns; the attackers added a single character to the second one to generate a new URL but serve the same phishing page.”
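One way a defender could look for the pattern described in Case Study 2, shown as an added example that is not code from Microsoft or from the original article: group crawled responses by host and flag hosts whose 404 body contains a password field and is identical across several distinct paths. The hostnames, paths and response bodies are constructed sample data, and matching on an exact body hash is an assumption that holds only when the 404 page is static.

```python
import hashlib
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample crawl records (url, HTTP status, body); not real traffic.
LOGIN_BODY = '<html><form action="/post"><input type="password" name="pw"></form></html>'
NOT_FOUND = "<html><h1>Page not found</h1></html>"
SAMPLE_RESPONSES = [
    ("https://phish.example/zxqv81", 404, LOGIN_BODY),
    ("https://phish.example/zxqv81a", 404, LOGIN_BODY),   # one character added
    ("https://shop.example/missing", 404, NOT_FOUND),     # ordinary 404 page
    ("https://shop.example/gone", 404, NOT_FOUND),
    ("https://portal.example/login", 200, LOGIN_BODY),    # real login page, status 200
]

# A credential form inside an error page is the signal of interest.
PASSWORD_FIELD = re.compile(r'<input[^>]+type=["\']?password', re.IGNORECASE)


def find_404_phishing_hosts(responses, min_paths=2):
    """Return {host: sorted paths} for hosts that serve the same 404 body,
    containing a password field, on at least `min_paths` distinct paths."""
    groups = defaultdict(set)  # (host, body hash) -> set of paths
    for url, status, body in responses:
        if status != 404 or not PASSWORD_FIELD.search(body):
            continue
        parts = urlsplit(url)
        digest = hashlib.sha256(body.encode("utf-8")).hexdigest()
        groups[(parts.hostname, digest)].add(parts.path)

    flagged = defaultdict(set)
    for (host, _digest), paths in groups.items():
        if len(paths) >= min_paths:
            flagged[host] |= paths
    return {host: sorted(paths) for host, paths in flagged.items()}


if __name__ == "__main__":
    for host, paths in find_404_phishing_hosts(SAMPLE_RESPONSES).items():
        print(f"{host}: same credential form served as 404 on {paths}")
```

Grouping by host rather than by URL is what defeats the single-character URL changes: every new random path lands in the same group.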

Case Study 3: Man-in-the-middle component (novel techniques)

Traditionally, “man-in-the-middle attacks” involve injecting malware or spyware onto the victim's PC, mostly using phishing tactics. These phishing attacks make the initial email appear genuine. Security researchers explained this type of phishing attack as follows: “Phishers sent out emails with URLs pointing to an attacker-controlled server, which served as the man-in-the-middle component and simulated Microsoft sign-in pages. The server identified certain specific information based on the recipient’s email address, including the target company, and then gathered the information specific to that company. The result was the same experience as the legitimate sign-in page, which could significantly reduce suspicion.”

Microsoft releases Security Intelligence Report: Detailing the year in cyber security incidents

According to the report, Microsoft has released its Security Intelligence Report, which details the year in cyber security incidents. The report can easily be seen as a vital piece of intelligence, given that all current versions of Windows ship with Windows Defender. Overall, it shows that ransomware, crypto miners and other malware infections are down across the board for Windows users.

Microsoft explained that the share of Windows machines on which malware was spotted has gone down from 6-7% of the total Windows ecosystem in 2017 to 4.15% in 2019. The decrease is attributed to both Windows 10 and Windows Defender receiving important security improvements over the past half-decade.
