Cyber enemies are now using Microsoft’s Azure’s Static Web Apps service against its customers, aggressively targeting users with Microsoft, Office 365, Outlook, and OneDrive accounts with the purpose of stealing the user’s credentials.

The Azure Static Web Apps service permits web application developers to use customized domains for labeling web applications. It also provides web hosting for static content such as HTML, JavaScript, and CSS.

Unfortunately, these features can effortlessly be exploited to host very tricky and Microsoft official looking static landing phishing pages. These phishing pages are fooling even the most diligent of employees and allowing the bad guys to get access to their Microsoft credentials. The impact to your business could be financially and reputationally devastating.

Best Practice Recommendations

RAVENii recommends the following:

• Implement a security and phishing training program for your employees.
• Implement Multi-Factor Authentication (MFA) for all applicable users and systems in your network.
• Implement a threat hunting solution to monitor your network traffic.

Security Training & Phishing Testing Program

A complete and comprehensive security program must include Security Training and Phishing Testing for your employees. The main reason being that most cybersecurity breaches are caused by human error.

To help your employees know how to spot a phishing landing page, create a customized phishing test to simulate what the bad guys are doing. (If you are a subscriber to RAVENii’s Managed Security Awareness Training & Phishing Testing service AND you are utilizing Microsoft’s Azure Static Web Apps service, we will work with you to build these campaigns.)

Multi-Factor Authentication

MFA requires more than one distinct authentication factor in order for a worker to gain access to your systems. For example, entering your login credentials and then a 6-digit code sent to your phone as a text message or to your email address.

RAVENii recommends and can assist with doing an assessment of your environment before trying to apply a solution. Several factors need to be considered before purchasing & implementing an MFA tool.

1. You need to consider scope. What systems and what users will it be enabled?
2. You need to understand risk. The business will need to have input on the risk implications if MFA is not deployed.
3. You need to account for compliance requirements.
4. You need to confirm all your systems, like the exchange cloud for O365, are configured properly.

Network Security Monitoring

Monitoring and actively threat hunting in your network traffic for anomalies gives you the visibility you need to see and take action before damage is done by one of these phishing landing page spoofs.

RAVENii strongly recommends implementing a tool with 3rd Wave Artificial Intelligence because it has the ability to identify Zero Day Attacks (attacks with no known signatures).

For more information on protecting your network, contact RAVENii at [email protected] or visit www.ravenii.com.