"Microsoft Lures Populate Half of Credential-Swiping Phishing Emails"

Researchers at Cofense have analyzed millions of emails related to various attacks and found that 57 percent were phishing emails aiming to steal victim usernames and passwords.  The remainder of malicious emails were utilized in business email compromise (BEC) attacks or were used for malware delivery.   Almost 17 percent of the emails identified as malicious were related to a financial transaction. Nearly half of phishing attacks in 2020 aimed to swipe credentials using Microsoft-related lures – from the Office 365 enterprise service lineup to its Teams collaboration platform.  The researchers also found that in 2020 the GuLoader dropper rose as one of the top malware delivery mechanisms in email attacks.  The malware, which first appeared in the first quarter and surged during the second quarter of 2020, is used to deliver remote administration tools, keyloggers, credential stealers, and other malware phenotypes.

Threatpost reports: "Microsoft Lures Populate Half of Credential-Swiping Phishing Emails"