In a blog article published on Tuesday, Microsoft released details of a major phishing campaign that its Digital Crimes Unit (DCU) first observed in December 2019. Criminals targeted user accounts in 62 country,
Based on the models discovered at the time, Microsoft used technical means to block the activity of criminals and deactivate the malicious application used in the attack. Microsoft recently observed new attempts by the same criminals, this time using COVID-19-related lures in phishing emails to target victims. This malicious activity is yet another form of corporate email compromise (BEC) attack, which has increased in complexity, sophistication and frequency in recent years. According to 2019 FBI Internet Crime Report, the most costly complaints received by their Internet Crime Complaint Center (IC3) concerned BEC crimes, with losses of more than $ 1.7 billion, or almost half of all financial losses due to cybercrime. While much of the public attention in recent years has rightly focused on the malicious acts of actors in nation states, the growing economic damage caused by cybercriminals must also be taken into account and confronted by them. public and private sectors. For our part, Microsoft and our digital crimes unit will continue to investigate and disrupt cybercriminals and will seek to work with law enforcement agencies worldwide, where possible, to end these crimes.