Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. The identified resources in one of the malicious campaigns impersonate various services appearing to be legitimately created on the “azurefd.net” domain – This allows the bad actors to trick users and spread phishing content to intercept credentials from business applications and e-mail accounts. Notably, most phishing resources were designed to target SendGrid, Docusign and Amazon customers.
These phishing emails are difficult to differentiate from at first glance and therefore they are clearly working on the desired victims. These attacks target those who may not be familiar with the protocol of what to do in these situations, and coupled up with more home working and the limited immediate verification via co-workers, many will simply follow the steps and divulge their credentials. This is all it takes to then target those accounts and even attempt further phases of an attack. To mitigate these sorts of attempts, as well as ongoing cyber awareness training, multi factor authentication logins are safer than just replying on username and passwords.