Log in
Show password
Forgot password ?
Become a member for free
Sign up
Sign up
New member
Sign up for FREE
New customer
Discover our services
Dynamic quotes 


SummaryMost relevantAll NewsAnalyst Reco.Other languagesPress ReleasesOfficial PublicationsSector newsMarketScreener Strategies

Microsoft : How Microsoft is fighting an emerging cybercrime trend

07/19/2021 | 05:22pm EDT

On July 16, Microsoft's Digital Crimes Unit (DCU) again secured a court order to take down malicious infrastructure used by cybercriminals. As we continually explore new ways to combat emerging trends and techniques to better protect our customers, we filed this case to target the use of 'homoglyph' ­- or imposter - domains that are increasingly being used in a variety of attacks. As a result, a judge in the Eastern District of Virginia issued a court order requiring domain registrars to disable service on malicious domains that have been used to impersonate Microsoft customers and commit fraud.

These malicious homoglyphs exploit similarities of alpha-numeric characters to create deceptive domains to unlawfully impersonate legitimate organizations. For example, a homoglyph domain may utilize characters with shapes that appear identical or very similar to the characters of a legitimate domain, such as the capital letter 'O' and the number '0' (e.g. MICROSOFT.COM vs. MICR0S0FT.COM) or an uppercase 'I' and a lowercase 'l' (e.g. MICROSOFT.COM vs. MlCROSOFT.COM). We continue to see this technique used in business email compromise (BEC), nation state activity, malware and ransomware distribution, often combined with credential phishing and account compromise to deceive victims and infiltrate customer networks.

This case started with a single customer complaint regarding BEC, and our investigation revealed that this criminal group had created 17 additional malicious homoglyph domains that were registered with third parties. The targets are predominantly small businesses operating in North America across several industries. Based on the techniques deployed, the criminals appear to be financially motivated, and we believe they are part of an extensive network that appears to be based out of West Africa.

In this BEC attack, these fraudulent domains, together with stolen customer credentials, were used by cybercriminals to unlawfully access and monitor accounts. The group proceeded to gather intelligence to impersonate these customers in an attempt to trick victims into transferring funds to the cybercriminals. Once the criminals gained access to a network, they imitated customer employees and targeted their trusted networks, vendors, contractors and agents in an effort to deceive them into sending or approving fraudulent financial payments.

In this instance, the criminals identified a legitimate email communication from the compromised account of an Office 365 customer referencing payment issues and asking for advice on processing payments. The criminals capitalized on this information and sent an impersonation email from a homoglyph domain using the same sender name and nearly identical domain. The only difference between the genuine communication and the imposter communication was a single letter changed in the mail exchange domain, done to escape notice of the recipient and deceive them into believing the email was a legitimate communication from a known trusted source. As seen in the example below, these criminals used the same subject line and format of an email from the earlier, legitimate conversation, but falsely claimed a hold had been placed on the account by the CFO, time was running out and payment needed to be received as soon as possible.


Often, once detected or addressed by Microsoft through technical means, these criminals move their malicious infrastructure outside the Microsoft ecosystem and onto third-party services in an attempt to continue their illegal activities. With this case, we secured an order which eliminates the defendants' ability to move these domains to other providers. The action will further allow us to diminish the criminals' capabilities and, more importantly, obtain additional evidence to undertake further disruptions inside and outside court. This disruption effort follows 23 previous legal actions against malware and nation-state groups that we've taken in collaboration with law enforcement and other partners since 2010.

Microsoft goes to great lengths to protect customer accounts. Office 365 uses real-time anti-spam and multiple anti-malware engines to prevent threats from reaching their inboxes. Microsoft also offers Defender for Office 365, which helps protect customers against new, sophisticated attacks in real time. When we identify customer accounts that have been targeted or compromised, such as the ones in today's court order, or where our investigations uncover homoglyph domains impersonating customers, we provide notice through the Microsoft 365 Message Center.

Cybercriminals are getting more sophisticated. Microsoft's Digital Crimes Unit will continue to fight cybercrime with our comprehensive efforts to disrupt the malicious infrastructure used by criminals, through referrals to law enforcement, civil legal actions on behalf of our customers such as this one, or technical measures in partnership with our product and service teams. Organizations should regularly check for messages in the Microsoft 365 Message Center and can follow these steps to prevent BEC attacks.

Tags: business email compromise, cybersecurity, Digital Crimes Unit, homoglyphs, malware, phishing


Microsoft Corporation published this content on 19 July 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 19 July 2021 21:21:02 UTC.

ę Publicnow 2021
01:12pSTUDENTS : Register now to participate in 20th Imagine Cup competition
09/20Wall Street ends sharply lower in broad sell-off
09/20Wall Street ends sharply lower in broad sell-off
09/20S&P 500 down more than 2% as growth worries rise
09/20DMY TECHNOLOGY III : IonQ Launches Second Round of Research Credits Program
09/20GLOBAL MARKETS LIVE : Universal Music Group, China Evergrande, ENI, Prudential, Microsoft...
09/20MICROSOFT : donates $100 million to Breakthrough Energy Catalyst to accelerate and scale c..
09/20MICROSOFT : Data integration startup Fivetran raises $565 million at $5.6 bln valuation
09/20Wall St tumbles on growth worries; focus turns to Fed
09/20Wall St set to drop at open on growth worries; focus turns to Fed
More news
Analyst Recommendations on MICROSOFT CORPORATION
More recommendations
Financials (USD)
Sales 2022 192 B - -
Net income 2022 66 336 M - -
Net cash 2022 92 059 M - -
P/E ratio 2022 33,7x
Yield 2022 0,83%
Capitalization 2 215 B 2 215 B -
EV / Sales 2022 11,1x
EV / Sales 2023 9,69x
Nbr of Employees 181 000
Free-Float 99,9%
Duration : Period :
Microsoft Corporation Technical Analysis Chart | MSFT | US5949181045 | MarketScreener
Technical analysis trends MICROSOFT CORPORATION
Short TermMid-TermLong Term
Income Statement Evolution
Mean consensus BUY
Number of Analysts 36
Last Close Price 294,80 $
Average target price 334,59 $
Spread / Average Target 13,5%
EPS Revisions
Managers and Directors
Satya Nadella Chairman & Chief Executive Officer
Bradford L. Smith President & Chief Legal Officer
Amy E. Hood Chief Financial Officer & Executive Vice President
James Kevin Scott Chief Technology Officer & Executive VP
Kirk Koenigsbauer COO & VP-Experiences & Devices Group
Sector and Competitors
1st jan.Capi. (M$)
SEA LIMITED65.60%182 001