News
73% of phishing sites impersonate Microsoft products-related login pages
December 2021 by Atlas VPN
By exploiting found vulnerabilities or using people’s unawareness of good cybersecurity practices, threat actors launch different cyberattacks, which would affect a large audience and bring the most benefits.
According to the data presented by the Atlas VPN team, 73% of phishing sites impersonate Microsoft product-related pages. Furthermore, 50% of compromised accounts get accessed by hackers in 12 hours, and in a week, 9 out of 10 accounts are fully taken over by threat actors.
Cybercriminals impersonated Microsoft account login pages in 60% of phishing sites. As Microsoft products are used widely globally, threat actors find them the best targets to look for vulnerabilities.
Threat actors imitated Adobe Document Cloud login pages in 26% of phishing websites. By having access to the cloud, cybercriminals could inject malicious files into documents such as malware or ransomware.
Cybercriminals used fake Microsoft SharePoint login pages in 8% of their phishing sites. Once in control of the account, the attacker uploads a malicious file and then changes the file’s sharing permission to ‘public,’ allowing anybody to spread the link further.
Microsoft Office 365 and OneDrive login pages were both impersonated by cybercriminals in 3% and 2% of phishing sites, respectively.
Cybersecurity writer at Atlas VPN Vilius Kardelis shares his thoughts on business email compromises:
“One of the most common issues in email security is business email compromise (BEC). With access to Microsoft accounts, cybercriminals can deliver emails, host malicious pages, or create malicious documents, which allows them to spread their attack more efficiently. Multi-factor authentication on work-related accounts should be mandatory to mitigate the risk.”
Gone in a week
While some use automated tools to test credentials, other attackers manually authenticate the validity of your login information.
Threat actors accessed 23% of all accounts immediately after the compromise. Attackers likely took over the accounts with an automated script to validate the legitimacy of the credentials. After an hour, the breach had happened, cybercriminals manually took over 18% of the accounts.
After 6 hours passed, 2 out of 5 (40%) accounts were manually accessed by hackers. In 12 hours, half of the accounts (50%) were taken over by cybercriminals.
After a day, 64% of accounts were taken over manually by cybercriminals. Finally, nearly all of the accounts, 91%, had been accessed within a week after compromise.
