Front Page: NCSC-FI
Front Page: NCSC-FI

The warning about the Microsoft 365 security breach has been removed

Information security now!

The phishing campaign that hijacked the e-mail accounts of Finnish organisations has subsided, and the number of reports of Microsoft 365 account breaches has declined. Similar large-scale phishing and security breach campaigns will possibly be seen in the future as well, but at the moment there is no reason to be alarmed.

A serious warning about the Microsoft 365 security breach was published on October 20, 2023. Criminals fished for Microsoft 365 environment passwords with fake e-mail messages in the security breach that spread during autumn. The phishing used a secure mail theme, which increased the credibility of the fake messages. There were an extraordinary number of victims. Several thousand e-mail messages have been sent so far in the campaign in question, and in total organisations have reported hundreds of account breaches.

Phishing and security breach cases reported to the National Cyber Security Centre Finland often progressed in such a way that the attacker sent phishing messages from the hacked email account to the user's contacts. The contents of the messages varied, but in many cases, the phishing message looked like a secure email message. The message was faked to resemble a common secure mail solution, but the link to the secure mail service directed to a website owned by the criminals, where the victim was asked to enter their user credentials. The phishing sites used advanced adversary-in-the-middle automation (AitM) which, in some cases, was able to bypass the multi-factor authentication.

Criminals tend to change the themes and methods of their scams, so phishing and security breach campaigns will certainly be seen in the future as well. Please stay vigilant.