
A new report by Cloudflare suggests Microsoft is the most impersonated brand in the world. Aside from impersonating Microsoft on several occasions, attackers use the company's own tools to commit fraud.

Unsurprisingly, India's Ministry of Defence is prepping to oust Microsoft Windows OS in favour of a more secure Maya OS amid rising cyber threats.

Reportedly, cybercriminals posed as about 1,000 different organisations in almost a billion impersonation attempts against those using Cloudflare products. Notably, 51.7 per cent of the time, email attackers impersonated one of 20 well-known global brands, with Microsoft topping the charts.

The World Health Organization (WHO) takes the number two spot on the list. Likewise, Google, SpaceX, and Salesforce are in third, fourth, and fifth spots, respectively. Apple is number six on the list. It is no secret that attackers impersonate the brands and entities people trust and rely on.

In its report dubbed "2023 Email Threat Report," Cloudflare found that attackers impersonated Salesforce the most in the SaaS (Software-as-a-Service) category, followed by Notion.so and Box. Similarly, Mastercard is the most impersonated brand in the financial services sector.

Microsoft is attackers' favourite brand to impersonate

Cloudflare recently detected and blocked a phishing campaign that used the Microsoft brand in a bid to harvest credentials via a legitimate but compromised website. The email had no text; the entire body was a hyperlinked JPEG image.

Now, if the recipient clicks anywhere in the body, they will effectively be clicking the link. When the link is clicked, the victim's browser is redirected to a compromised website which is being used to host a credential harvester.

The attack used Microsoft Office 365 branding and included brand information within the image. So, there is no plaintext or HTML text that the receiver could inspect to identify the brand. However, Cloudflare used OCR (optical character recognition) to identify "Office 365" and "Microsoft" in the image. The image was hyperlinked to a Baidu URL.
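The structural signal described above (an HTML body that is nothing but a hyperlinked image) can be checked before any OCR step. The following is an added example, not code from Cloudflare or the report; the function name, the 20-character text threshold and the sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

class BodyScan(HTMLParser):
    """Counts visible text, images, and images wrapped in a link."""
    HIDDEN = ("style", "script", "title")
    def __init__(self):
        super().__init__()
        self.text_chars = self.images = self.linked = 0
        self.hosts, self._hrefs, self._hidden = set(), [], 0

    def handle_starttag(self, tag, attrs):
        if tag in self.HIDDEN:
            self._hidden += 1
        elif tag == "a":
            self._hrefs.append(dict(attrs).get("href") or "")
        elif tag == "img":
            self.images += 1
            if self._hrefs and self._hrefs[-1]:
                self.linked += 1
                self.hosts.add(urlparse(self._hrefs[-1]).hostname or "")

    def handle_endtag(self, tag):
        if tag in self.HIDDEN and self._hidden:
            self._hidden -= 1
        elif tag == "a" and self._hrefs:
            self._hrefs.pop()

    def handle_data(self, data):
        if not self._hidden:
            self.text_chars += len(data.strip())

def image_only_link_lure(raw, max_text_chars=20):
    """Flag an HTML body made of hyperlinked image(s) and almost no text."""
    part = message_from_string(raw, policy=default).get_body(("html",))
    if part is None:
        return {"flagged": False, "hosts": [], "text_chars": 0}
    scan = BodyScan()
    scan.feed(part.get_content())
    flagged = 0 < scan.images == scan.linked and scan.text_chars <= max_text_chars
    return {"flagged": flagged, "hosts": sorted(scan.hosts), "text_chars": scan.text_chars}

# Constructed sample messages (not from the report); hosts are placeholders.
HDR = "MIME-Version: 1.0\nContent-Type: text/html; charset=utf-8\n\n"
LURE = HDR + ('<html><body><a href="https://redirect.example/r?u=1">'
              '<img src="cid:notice.jpg"></a></body></html>\n')
BENIGN = HDR + ("<html><body><p>Here is this month's product update.</p>"
                '<a href="https://shop.example/"><img src="logo.png"></a></body></html>\n')
```

A flagged message is a candidate for image analysis such as OCR and for a reputation check on the returned link hosts; the flag alone does not identify the impersonated brand.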

India's SBI (State Bank of India) is the third most impersonated brand in the Asia Pacific (APAC) region, followed by LINE and JCB Global, as per a report by Analytics India Mag. Last month, Microsoft declared that China-based hackers breached US government email accounts, seeking intelligence information.

As if that weren't enough, an engineer at cybersecurity firm Tenable found an issue with the Microsoft Azure platform earlier this year. Reportedly, the issue allowed an unauthenticated attacker to access cross-tenant apps, as well as sensitive data including authentication secrets.

"To give you an idea of how bad this was, our team quickly discovered authentication secrets to a bank," Tenable chairman and CEO Amit Yoran wrote in a LinkedIn blog post. "They were so concerned about the seriousness and the ethics of the issue that we immediately notified Microsoft," he added.

Microsoft finds vulnerabilities that could lead to outages

For those unaware, Microsoft's products such as Windows OS, Office productivity suite, and Azure cloud computing platform are used by many government agencies and private businesses worldwide. Unfortunately, the American tech behemoth recently found 15 serious flaws in the CODESYS V3 SDK that have the potential to turn off power plants.

It is worth noting that the tool is designed to help factories and power plants run smoothly. If some criminals discover these weak spots, they could cause major issues. For instance, they could turn off a whole power plant or change how things work. However, attackers need a special kind of access, as well as a thorough knowledge of the tool to take advantage of these weak spots.

"The discovery of these vulnerabilities highlights the critical importance of ensuring the security of industrial control systems and underscores the need for continuous monitoring and protection of these environments," Microsoft security researchers said in a blog post.