"Cybercriminals Use Azure Front Door in Phishing Attacks"

Resecurity, Inc. (USA) has discovered an increase in phishing content delivered via Azure Front Door (AFD), a Microsoft cloud CDN service. In one of the malicious campaigns, the identified resources impersonated various services that appeared to be legitimately created on the "azurefd.net" domain. This enables malicious actors to deceive users and spread phishing content in order to intercept credentials from business applications and e-mail accounts. The majority of phishing resources were designed to target customers of SendGrid, Docusign, and Amazon, as well as several other major Japanese and Middle Eastern online service providers and corporations. Such tactics, according to experts, demonstrate how threat actors are constantly looking to improve their tactics and procedures to avoid phishing detection using well-known cloud services. Based on the analyzed phishing templates, the attackers are most likely using an automated method to generate their phishing messages, allowing them to scale their campaigns to eventually target a larger number of customers worldwide. Resecurity cybersecurity researchers identified multiple domains used in the new wave of phishing attacks dating back to the beginning of June, some of which are difficult to distinguish from legitimate correspondence because of their naming and reference to Azure Front Door. This article continues to discuss cybercriminals' use of AFD in the performance of phishing attacks. 

Help Net Security reports "Cybercriminals Use Azure Front Door in Phishing Attacks"