With a 156% surge in Microsoft-related phishing scams, attackers are increasingly using familiar business tools to bypass security and compromise organisations. Marc Olesen, CEO of Cofense, explains why companies must act now to stay ahead of the threat.
Modern businesses rely on an array of trusted software to maintain streamlined operations. From enterprise resource management tools to cloud collaboration platforms, these solutions have become integral to day-to-day functions. Yet, this dependency comes with a dark edge. Cyber threat actors are increasingly exploiting these trusted tools to breach organisations, leveraging their legitimacy and widespread adoption as a powerful weapon.
This alarming increase highlights how cybercriminals are consistently adapting their tactics to exploit the trust users place in well-known brands like Microsoft. The US giant has been identified by Cofense Intelligence as the most frequently spoofed brand, with a staggering 156% rise in spoofing activity from 2023 to 2024. This year-on-year rise in brand impersonation indicates a need for organisations to double down on their email security measures and user training programmes. By mimicking familiar interfaces and leveraging the credibility of this household name, these phishing campaigns have become increasingly sophisticated, making it more challenging for employees to detect malicious emails.
A good example of this is a recent phishing campaign that exploits the growing familiarity with Microsoft’s AI assistant, Copilot. Analysts at the Cofense Phishing Defense Center (PDC) identified this attack, in which threat actors sent spoofed emails appearing to originate from Microsoft Copilot, informing users of an invoice or payment requirement. Given that Copilot is a relatively new service, users may be uncertain about its billing practices, making them more susceptible to such scams. The email contained a link leading to a counterfeit Microsoft login page, complete with branding and design elements to enhance credibility. After entering their credentials, users were directed to a fake multi-factor authentication (MFA) page, providing attackers with additional time to exploit the stolen information. This campaign underscores the need for user education regarding new services and the importance of verifying the authenticity of unexpected communications.
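The indicators in the Copilot lure described above (a Microsoft display name, a sender domain Microsoft does not own, and a sign-in link that leaves Microsoft's domains) can be checked mechanically at the mail gateway. The following is an added example, not Cofense's code; the domain allowlist, the brand keywords and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: illustrative allowlist of brand-owned domains; maintain your own.
BRAND_DOMAINS = {"microsoft.com", "office.com", "microsoftonline.com"}
BRAND_WORDS = re.compile(r"\b(microsoft|copilot|office 365)\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def in_brand(host):
    # True only for a listed domain or a subdomain of one.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def assess(raw):
    # Return the spoofing indicators found in one raw message.
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    if not BRAND_WORDS.search(display + " " + msg.get("Subject", "")):
        return []  # message does not claim the brand; out of scope here
    findings = []
    if not in_brand(addr.rpartition("@")[2]):
        findings.append("brand display name, non-brand sender domain")
    if "dmarc=pass" not in msg.get("Authentication-Results", "").lower():
        findings.append("no DMARC pass recorded by the receiving gateway")
    body = " ".join(p.get_payload() for p in msg.walk()
                    if p.get_content_maintype() == "text")
    hosts = {urlparse(u).hostname or "" for u in URL_RE.findall(body)}
    off_brand = sorted(h for h in hosts if not in_brand(h))
    if off_brand:
        findings.append("link leaves brand domains: " + ", ".join(off_brand))
    return findings

# Constructed sample messages (not taken from the campaign).
SPOOFED = """\
From: "Microsoft Copilot" <billing@copilot-invoices.example>
Subject: Invoice due for your Copilot subscription
Authentication-Results: mx.corp.example; dmarc=fail header.from=copilot-invoices.example

Payment is required. Sign in: https://login.pay-portal.example/signin
"""
LEGIT = """\
From: "Microsoft" <no-reply@microsoft.com>
Subject: Your Microsoft account
Authentication-Results: mx.corp.example; dmarc=pass header.from=microsoft.com

Manage your account: https://account.microsoft.com/
"""
if __name__ == "__main__":
    print(assess(SPOOFED), assess(LEGIT))
```

The `Authentication-Results` header is only meaningful when it was written by your own receiving gateway, so strip or ignore copies that arrive from outside before relying on it.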
Another attack identified by the Cofense PDC involved an email posing as a file deletion reminder from a legitimate file-sharing service, such as files.fm. The email urged recipients to take immediate action to prevent the deletion of important files. Clicking the provided link directed the user to a legitimate files.fm page hosting a seemingly harmless PDF document. Once the PDF was opened, the user was presented with two options: “Preview” and “Download.” Each option led to a different attack vector:
Preview: Selecting this redirects the user to a counterfeit Microsoft login page designed to harvest Office 365 credentials.
Download: This initiates the download of a malicious executable file disguised as a legitimate Microsoft installer. Executing this file installs the ConnectWise Remote Access Trojan (RAT), granting attackers unauthorised access to the user’s system.
This attack is further evidence of attackers increasingly targeting widely used workplace tools, turning new technologies like generative AI into potential attack vectors. The consequences of such exploits extend far beyond financial losses or regulatory penalties. Breaches stemming from trusted software attack the fundamental fabric of business trust and reliability. Partners may begin questioning an organisation’s ability to safeguard critical data, while customers may hesitate to continue engaging in transactions with compromised systems.

While attackers grow bolder, organisations still have tools to combat these threats. Proactivity must replace reactive strategies to mitigate risks tied to trusted business software. Here are critical measures to prioritise:
1. Routine Software Updates
Vendors consistently release patches and updates to address emerging vulnerabilities. Ensuring your team applies these patches immediately can shut down exploitation opportunities before attackers strike. Create a dedicated process to track updates and enforce timely implementation across all systems.
2. Employee Education
Cybercriminals often bet on human error to succeed. Regular training sessions can educate employees on best practices, such as recognising phishing emails, verifying software update authenticity, and adhering to strong password protocols. Strengthening your first line of defence can drastically reduce breach risks.
3. Adopt a Zero-Trust Security Model
Zero-trust architectures operate under the assumption that no actor, system, or connector is inherently trusted, even if internal. By continuously verifying user identities, monitoring behaviour, and enforcing least-privilege access, businesses can limit how far attackers can move if a breach occurs.
4. Evaluate Vendor Security
Assess your software vendors and partners for their commitment to cybersecurity. Ask about their practices for securing updates and managing credentials.
The same tools that boost productivity and efficiency can become an organisation’s Achilles’ heel if not managed correctly. Recognising the risks associated with trusted business software is half the battle; the other half lies in taking proactive measures to mitigate these types of modern-day phishing threats.
By implementing advanced email protection tools, conducting regular phishing simulations, and educating their workforce to promote a culture of cybersecurity awareness, organisations can shift the balance of power away from threat actors. While no software is entirely immune to attack, a comprehensive defensive strategy significantly increases the odds of staying ahead. Businesses that prioritise protection stand to retain not just their data, but the trust and confidence of those they serve. The time to act is now.
The increasing reliance on software to drive business success doesn’t have to be a pitfall. IT teams and business leaders must work together to balance innovation with caution, ensuring the tools that connect and empower us don’t become our greatest weakness.
Main photo: Tima Miroshnichenko/Pexels