Microsoft Azure is now on the target of fraudsters. Microsoft Azure is giving 30 days free trial, but attackers have found several loopholes in Microsoft Azure, and use its domains for phishing sites like:
Microsoft has two free sub domains like azurewebsites.net for its Azure Web Sites service and cloudapp.net for Cloud Apps and virtual machines. It is believed that many cyber criminals are exploiting customer’s virtual machine and use azurewebsites.net for phishing targets due to its easy to use its feature. You can see the below sub domains that are registered with the purpose of phishing.
The other shocking fact is Microsoft Azure offers SSL certificate run on *.azurewebsites.net, which allows a hacker to use an SSL certificate, and all sub domains are accessible via HTTPS.
Phishers use the wildcard certificate to encourage users and ensure that they are visiting a legitimate website. However, below is an image of the Apple phishing site that shows an error of mixed content on its sub domains itune-billing2update-ssl-apple.
- Can steal the credentials of Microsoft account.
- Can exploit machine working on Azure.
- Use of the free trial that gives $200 of credit for spending on all Azure services.
Microsoft has two free sub domains like azurewebsites.net for its Azure Web Sites service and cloudapp.net for Cloud Apps and virtual machines. It is believed that many cyber criminals are exploiting customer’s virtual machine and use azurewebsites.net for phishing targets due to its easy to use its feature. You can see the below sub domains that are registered with the purpose of phishing.
The other shocking fact is Microsoft Azure offers SSL certificate run on *.azurewebsites.net, which allows a hacker to use an SSL certificate, and all sub domains are accessible via HTTPS.
Phishers use the wildcard certificate to encourage users and ensure that they are visiting a legitimate website. However, below is an image of the Apple phishing site that shows an error of mixed content on its sub domains itune-billing2update-ssl-apple.
SSL Certificate Guidelines:
However, as per Mozilla CA guidelines, if the wildcard certificate is used for a fraudulent purpose, CA should revoke a certificate within 24 hours. Here, Microsoft has itself issued the SSL certificate from its subordinate CA of Verizon business and has not revoked yet. Even the certificate also does not include an OCSP responder URL, and as a result, the SSL certificate is irreversible in many browsers, for example, Mozilla Firefox.
Cyber criminals also use free email addresses like hotmail.com, outlook.com to obtain and store stolen user credentials. Phishers have incorporated their phishing kit with an email address. If the users provide credentials, they will be redirected to the phishers’ email address.
Previously, one cyber culprit was accused of using azure to proxy web traffic while accessing a phishing site. This cyber culprit has allowed log file that keeps visits of a phishing site. All these visits entries were from Microsoft Azure IP addresses.
However, customers must have to provide a phone number and credit card details to register for the free trial, so that Microsoft can ensure that the real people are accessing the Microsoft Azure service. Such information gathered from cyber culprit’s mobile phone could be utilized as a proof by taking help from local police and the mobile company.
Cyber criminals also use free email addresses like hotmail.com, outlook.com to obtain and store stolen user credentials. Phishers have incorporated their phishing kit with an email address. If the users provide credentials, they will be redirected to the phishers’ email address.
Previously, one cyber culprit was accused of using azure to proxy web traffic while accessing a phishing site. This cyber culprit has allowed log file that keeps visits of a phishing site. All these visits entries were from Microsoft Azure IP addresses.
However, customers must have to provide a phone number and credit card details to register for the free trial, so that Microsoft can ensure that the real people are accessing the Microsoft Azure service. Such information gathered from cyber culprit’s mobile phone could be utilized as a proof by taking help from local police and the mobile company.
1 comentarios:
comentariosGood article, very interesting.
Reply