Microsoft’s threat analysts have released extensive guidance and warnings about recently discovered malicious activity originating from online contact forms.
Microsoft’s analysts have discovered several instances of contact forms published on legitimate websites being hacked to deliver dangerous links to organizations in the form of fraudulent legal threats.
The malicious emails open with a number of serious-sounding allegations, before instructing recipients to follow a link to see the evidence behind the accusations. This link downloads IcedID, a malware designed to steal data.
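The chain described above (a free-text contact form on a legitimate site, a threatening message, and a link to hosted content) can be triaged on the receiving side before the submission is forwarded to a mailbox. The following is an added example written for this article; it is not Microsoft's detection logic or any product's code. The keyword lists, the hosted-content domain list, the `Verdict` structure and the sample submissions are all assumptions constructed for illustration.

```python
"""Triage free-text contact-form submissions before forwarding them.
Added example; the keyword lists, domain list and samples are assumptions."""
import re
from dataclasses import dataclass, field

# Terms the lure uses to manufacture legal fear (assumed list, tune per site).
LEGAL_TERMS = ("copyright", "infringement", "lawsuit", "legal action",
               "dmca", "attorney", "sue", "court")
# Terms that create artificial urgency (assumed list).
URGENCY_TERMS = ("immediately", "within 24 hours", "last warning", "urgent",
                 "failure to comply")
# Hosted-content platforms on which a redirect page can be parked. The article
# only says "Google URLs"; this concrete list is an assumption for the example.
HOSTED_CONTENT_DOMAINS = ("sites.google.com", "drive.google.com", "docs.google.com")

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Constructed sample submissions (not real campaign data).
SAMPLE_SUBMISSIONS = [
    ("form-001",
     "Hi, I love your products. Do you ship to Canada? Thanks!"),
    ("form-002",
     "You are using my copyrighted photographs without permission. This is "
     "copyright infringement. Download the evidence immediately at "
     "https://sites.google.com/view/example-evidence or I will pursue legal action."),
    ("form-003",
     "Our catalog is here: https://example.com/catalog.pdf if you'd like a quote."),
]


@dataclass
class Verdict:
    risk: str                                   # "high", "medium" or "low"
    urls: list = field(default_factory=list)
    legal_hits: list = field(default_factory=list)
    urgency_hits: list = field(default_factory=list)
    hosted_urls: list = field(default_factory=list)


def _hits(text, terms):
    """Whole-word, case-insensitive matches so 'sue' does not fire on 'pursue'."""
    return [t for t in terms
            if re.search(r"\b" + re.escape(t) + r"\b", text, re.IGNORECASE)]


def _host(url):
    """Host part of a URL, lower-cased, without scheme or path."""
    return re.sub(r"^https?://", "", url, flags=re.IGNORECASE).split("/")[0].lower()


def score_submission(text):
    """Combine the three signals: links, legal-threat wording, urgency wording."""
    urls = URL_RE.findall(text)
    legal = _hits(text, LEGAL_TERMS)
    urgency = _hits(text, URGENCY_TERMS)
    hosted = [u for u in urls if _host(u) in HOSTED_CONTENT_DOMAINS]
    if urls and legal:
        risk = "high"       # a link plus a legal threat is the lure pattern itself
    elif urls or legal:
        risk = "medium"     # one signal alone: hold for a human look, do not forward blindly
    else:
        risk = "low"
    return Verdict(risk, urls, legal, urgency, hosted)


def triage(submissions):
    """Return (submission_id, risk) pairs, highest risk first (stable order otherwise)."""
    order = {"high": 0, "medium": 1, "low": 2}
    scored = [(sid, score_submission(body).risk) for sid, body in submissions]
    return sorted(scored, key=lambda pair: order[pair[1]])


if __name__ == "__main__":
    for sid, risk in triage(SAMPLE_SUBMISSIONS):
        print(sid, risk)
```

The design choice worth noting is that a URL on its own is never treated as "high": legitimate customers paste links to catalogs and invoices all the time, and the signal that separates this lure from normal traffic is the combination of a link with legal-threat language. A form handler that quarantines "high" and "medium" submissions for review, rather than relaying them straight into staff mailboxes with the site's own sender address, removes the trust the attacker is borrowing.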
This form of email attack takes advantage of the feelings of insecurity caused by legal issues and a sense of urgency, which panics users into taking action that they ordinarily might think twice about.
This latest attack is another example of the ways bad actors are using traditional, legitimate online infrastructure (contact forms) to exploit vulnerabilities and breach organizations in increasingly subtle ways.
IcedID is a banking trojan largely used to locate and extract banking credentials. It also gives bad actors remote access to and control of compromised networks, which they use to deliver additional malware and ransomware.
This latest threat shows how cybercriminals are constantly looking for new ways to infiltrate networks and how seemingly harmless activities can sometimes be harnessed to deliver malicious software.
Microsoft has stated that Microsoft Defender for Office 365 detects and blocks these emails and protects organizations from this threat, and that its threat analysts are continuing to actively investigate it. As the threat takes advantage of Google URLs, Microsoft has also alerted the relevant security groups at Google.
Microsoft has published an extensive description and analysis of how it tracks and protects against these types of threats, as well as guidance on how to defend against them.
It is important to take care whenever you enter personal details into online forms and to be certain that the forms are what they claim to be. You should also never click links or agree to download anything from emails unless you know the sender and are confident the message is genuine.