Domain Takedown by Microsoft
With the numerous reports of Cybercrime that targeted many Office 365 accounts, Microsoft launched its mitigation plan to address such crisis, mainly as this fraudster uses Covid-19 themed attacks. As stipulated on their plea in the U.S. District Court for the Eastern District of Virginia, they were able to take down malicious domains that are a potential carrier of possible ransomware and other malware that is controlled by deceitful perpetrators.
Purged domains that are on the list
Few on the lists that they have taken down are officeinvetorys[.]com, officehnoc[.]com, officesuited[.]com, officemtr[.]com, officesuitesoft[.]com, and mailitdaemon[.]com. These came top on their lists from different website scanning method that their Cybersecurity experts performed since December 2019 until April of this current year before they request the aid of the authority to legalize the takedown process they planned.
This has been the so-called retaliation of Microsoft against many fraudsters wherein, based on the statistics, an influx of attacks were recorded taking advantage of the pandemic situation. As reported, many attacks that have been used previously have been recycled and injected with the Covid-19 theme giving the attack a more appropriate look with the current events where people are keen to know the latest happenings around the globe. The redeployment of these malware/ransomware becomes more lethal as these not only target Office 365 credentials but also solicit direct permission to users to grant access to sensitive data on the computer and other controls. This was done through a sophisticated embedding of codes onto Open Authentication apps that a user might install in their system. A predefined authentication that a user must agree before a specific app or extension be added onto their system that asks permission to use devices attached to the system read contacts and emails, and other files stored on the targeted computer. With this agreement, it can bypass Microsoft installed defense mechanisms leaving the system in all its vulnerability.
The ingenuity of Microsoft to file for this civil case is an excellent opportunity for them to protect their brand and their customer. The proactive approach gives them additional authority and power against cyber attackers as they can immediately take-charge of removal or suspension on suspected domains given evidence of malicious activity. Despite their actions, they advised system administrators to be more cautious and vigilant. How? By restricting app installation across all users, providing security awareness training, strengthened the credential security process, and, more importantly, do regular system maintenance and checks to avoid any infiltration on the whole infrastructure.