According to documents revealed by the U.S. District Court for the Eastern District of Virginia, Microsoft took legal action against cybercriminals who tried to target its customers in 62 countries. The Redmond-based company swung into action and cracked down on fraudsters who tried to use the on-going pandemic situation to their advantage by launching various cyberattacks.
Microsoft takes legal action against cybercriminals
Thanks to its legal action, Microsoft could seize control of “key domains in the criminals’ infrastructure.” As a result, they can no longer be used to launch cyberattacks against their victims. In his recent blog post, Tom Burt, Corporate Vice President of Customer Security & Trust at Microsoft, wrote:
“Our civil case has resulted in a court order allowing Microsoft to seize control of key domains in the criminals’ infrastructure so that it can no longer be used to execute cyberattacks.”
Microsoft spent months monitoring the activities of these cybercriminals ever since they deployed a sophisticated phishing scheme against its customers back in December last year. Hackers tried to steal customer email, contact lists, among other sensitive information.
Back then, Microsoft blocked phishing activities by means of technical methods. However, Microsoft decided to take the legal route after it noticed renewed phishing attempts by the same criminals.
Microsoft continues to observe a significant increase in business email compromise (BEC) as far as the sophistication and frequency of those attacks are concerned.
Microsoft further cited the FBI’s 2019 Internet Crime Report, according to which the most-costly complaints received by their Internet Crime Complaint Center (IC3) involved BEC crimes. These complaints equal to losses of more than $1.7 billion, further representing almost half of all financial losses due to cybercrime.
Microsoft aims to highlight the increasing economic harm caused by cybercriminals targeting both the public and private sectors.
“For our part, Microsoft and our Digital Crimes Unit will continue to investigate and disrupt cybercriminals and will seek to work with law enforcement agencies around the world, whenever possible, to stop these crimes,” Burt further added.
According to Microsoft, attackers largely impersonated an employer or other trusted source to increase the chances of a successful phishing attempt. Attackers also targeted business leaders across industries.
Users are advised to enable two-factor authentication on both business and personal email accounts. You can also enable security alerts about links and files from suspicious websites and be careful about any suspicious activity.