Cybersecurity Alert | Neuways | Phishing Campaign – Technologist

A recent surge in cyber threats has revealed the exploitation of Microsoft Sway, a cloud-based tool for creating online presentations, in a widespread QR code phishing campaign. The campaign, identified in July 2024, specifically targeted Microsoft 365 users, marking a significant uptick in phishing activities and posing a serious threat to organisations worldwide. Read more on the latest cybersecurity alert below.

What happened with the phishing campaign?

The phishing attacks were detected following a dramatic 2,000-fold increase in the use of Microsoft Sway to host malicious landing pages designed to steal Microsoft 365 credentials. This surge in activity is particularly alarming, given the relative inactivity in this area during the first half of 2024, indicating a well-coordinated and large-scale operation.

The attackers focused their efforts on users in Asia and North America, with industries such as technology, manufacturing, and finance being the most targeted. These sectors are likely chosen due to the high data value and credentials that can be compromised.

How the Attack Works

The campaign employs sophisticated tactics to trick users into handing over sensitive information. Potential victims receive phishing emails that redirect them to malicious landing pages hosted on the sway.cloud.Microsoft domain. These pages prompt users to scan QR codes, leading to additional phishing sites.

This method of attack leverages the increasing use of QR codes, particularly on mobile devices, which often have weaker security measures than desktops and laptops. The embedded URLs in QR codes can easily bypass email scanners, which typically focus on detecting text-based threats. As a result, users who scan these codes using their smartphones are more susceptible to falling victim to these attacks.

Advanced Tactics Employed

The attackers have incorporated several advanced tactics to enhance the effectiveness of their campaign:

Transparent Phishing: This technique allows the attackers to steal credentials and multi-factor authentication (MFA) codes. Once obtained, they use this information to sign victims into their legitimate Microsoft accounts, making the phishing attempt appear more authentic and more challenging to detect.

Cloudflare Turnstile: The attackers used Cloudflare Turnstile to evade detection by static scanners and maintain the credibility of their phishing domains. This tool, designed to protect websites from bots, also helps shield phishing content from web filtering services like Google Safe Browsing.

Historical Context

This is not the first time Microsoft Sway has been exploited in phishing campaigns and is not the first cybersecurity alert either this year. Five years ago, the PerSwaysion phishing campaign used a similar approach to target Office 365 login credentials. That campaign, part of a Malware-as-a-Service (MaaS) operation, successfully compromised high-ranking individuals across various industries, including financial services, law firms, and real estate groups.

The ongoing abuse of Microsoft Sway underscores the need for heightened vigilance and robust cybersecurity measures. Organisations must remain proactive in defending against these sophisticated threats, ensuring that technological defences and user awareness are continuously updated.

So what happened in this cybersecurity alert?

As this massive QR code phishing campaign illustrates, cybercriminals are becoming increasingly creative in their methods. They can deceive even the most cautious users by exploiting trusted platforms like Microsoft Sway and leveraging newer technologies such as QR codes.

Organisations must avoid these threats by implementing comprehensive security protocols, educating their employees on the latest phishing tactics, and ensuring that all devices, especially mobile ones, are equipped with strong security measures.

Who are Neuways?

At Neuways, we are committed to providing the latest cybersecurity alerts and solutions and expertise to protect your organisation from emerging threats. Stay informed, stay secure. For more information on how to protect your organisation from phishing attacks, contact Neuways.