Page 109 - Cyber Defense eMagazine February 2024

After entering their email address on the spoofed login page, users were redirected again, this time to
the legitimate login.live.com – Microsoft’s real login page. During the redirection process, the threat
actor set a session cookie on the user’s device, which gave the actor visibility into victims’ credentials
and, in turn, easy access to their accounts.
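The redirect pattern described above can be checked for in proxy or mail-gateway redirect logs. The following is an added example, not code from the article or from Perception Point: it flags a chain in which a trusted domain forwards to an outside host, and a chain that detours through an untrusted host before landing on a legitimate login page. The trusted-domain list, the placeholder hosts and the `dest` parameter name are assumptions.

```python
from urllib.parse import parse_qsl, urlsplit

# Assumption: suffixes this organization treats as trusted sign-in infrastructure.
# "trusted-vendor.example" is a placeholder; login.live.com is named in the article.
TRUSTED_SUFFIXES = ("trusted-vendor.example", "live.com")

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def is_trusted(host):
    # Exact domain or true subdomain only, so "evil-live.com" does not match.
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def offsite_targets(url):
    """Query parameters whose decoded value is an absolute URL on another host."""
    outer, found = host_of(url), []
    for name, value in parse_qsl(urlsplit(url).query):
        if value.lower().startswith(("http://", "https://")):
            inner = host_of(value)
            if inner and inner != outer:
                found.append((name, inner))
    return found

def assess_chain(hops):
    """Findings for one redirect chain, given as an ordered list of URLs."""
    findings, hosts = [], [host_of(h) for h in hops]
    for url, host in zip(hops, hosts):
        if is_trusted(host):
            for name, inner in offsite_targets(url):
                if not is_trusted(inner):
                    findings.append(f"open-redirect: {host} ?{name}= -> {inner}")
    detour = [h for h in hosts[1:-1] if not is_trusted(h)]
    if detour and is_trusted(hosts[-1]):
        findings.append(f"detour: {detour[0]} visited before landing on {hosts[-1]}")
    return findings

# Constructed sample chains; hosts and the "dest" parameter are hypothetical.
SUSPICIOUS = [
    "https://service.trusted-vendor.example/go?dest=https%3A%2F%2Flogin-portal.example.net%2Fo365",
    "https://login-portal.example.net/o365",
    "https://login.live.com/",
]
BENIGN = ["https://www.trusted-vendor.example/signin", "https://login.live.com/"]

if __name__ == "__main__":
    for finding in assess_chain(SUSPICIOUS):
        print(finding)
```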


Microsoft quickly mitigated the issue after the incident response team shared its findings with
Microsoft’s security team.




            Gone Phishing

This quishing campaign, which exploited Microsoft’s open redirect vulnerabilities, is a testament
to the ever-evolving, increasingly sophisticated nature of phishing attacks.


            Organizations must stay vigilant – regularly updating security protocols and educating teams to better
            recognize the nascent ways cybercriminals exploit and circumvent the latest cybersecurity frameworks.

            To paraphrase the old adage, there’s always a bigger phish to phry.






            About the Author

Elad Damari is a Cyber Expert and Incident Response Team Leader at
Perception Point. There, he leads the team in identifying and reducing cyber
risk for enterprises globally. Elad can be reached online through his LinkedIn
(https://www.linkedin.com/in/elad-damari) and at our company website
https://perception-point.io

























