Microsoft cybersecurity researchers are now on the hunt for a cybercriminal group using call centers to infect PCs. The group is called BazarCall, and it is using malware called Bazar Loader to deploy ransomware, targeting Microsoft 365 users.
Last month, Palo Alto’s Brad Duncan detailed the chain of events for cyberattacks using the BazarCall Method: “After a client is infected, criminals use this backdoor access to send follow-up malware, scan the environment and exploit other vulnerable hosts on the network.”
The malicious spreadsheet download infects vulnerable Windows machines with BazarLoader malware.
This blog covers what you need to know to identify these phishing attacks before they can wreak havoc, and how to educate your workforce.
Here’s What the BazarCall Method Looks Like
BazarCall is Targeting M365 users.
Microsoft Security has made researching these attacks a priority in large part because BazarCall is targeting M365 users, making it a substantial threat to the business enterprise.
Microsoft published a GitHub page sharing details about the BazarCall campaign as it’s tracked. The page is frequently updated with details on phishing emails, use of Cobalt Strike for lateral movement, malicious Excel macros, Excel delivery techniques, and use of Windows NT Directory Services, or NTDS, to compromise AD files.
This video shares how this process sounds.
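Because the campaign relies on a malicious Excel macro to run BazarLoader, one of the simplest high-value detections is an Office application spawning a command interpreter, script host or other living-off-the-land binary. The script below is an added example, not code from the original post or from Microsoft's BazarCall tracker: it reads constructed process-creation events in an assumed pipe-delimited format (timestamp, host, parent image, child image, command line) and flags the Office-to-script-host pairs a macro dropper typically produces.

```python
"""
Added example: flag Office applications launching script hosts or command
interpreters, the process pattern a malicious Excel macro usually leaves behind.
Event format and the sample events are constructed for illustration; they do
not follow any specific product's log schema.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Parent processes that should rarely launch a shell or script host directly.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Child processes commonly abused by macro droppers to fetch or run a payload.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "msiexec.exe",
}


@dataclass
class Finding:
    timestamp: str
    host: str
    parent: str
    child: str
    command_line: str


def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_event(line: str) -> Optional[dict]:
    """Parse 'ts|host|parent_image|image|command_line'; None if malformed."""
    parts = line.strip().split("|", 4)
    if len(parts) != 5:
        return None
    ts, host, parent, image, cmd = parts
    return {"ts": ts, "host": host, "parent": parent, "image": image, "cmd": cmd}


def detect_office_child_processes(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per Office parent -> suspicious child event."""
    findings: List[Finding] = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue  # skip malformed records rather than crash the job
        parent = basename(ev["parent"])
        child = basename(ev["image"])
        if parent in OFFICE_PARENTS and child in SUSPICIOUS_CHILDREN:
            findings.append(Finding(ev["ts"], ev["host"], parent, child, ev["cmd"]))
    return findings


# Constructed sample events (hostnames, paths and command lines are invented).
SAMPLE_EVENTS = [
    r"2021-08-02T09:14:03Z|WS-017|C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE|C:\Windows\System32\rundll32.exe|rundll32.exe C:\Users\Public\update.dll,Start",
    r"2021-08-02T09:14:05Z|WS-017|C:\Windows\explorer.exe|C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE|EXCEL.EXE C:\Users\jdoe\Downloads\statement.xls",
    r"2021-08-02T09:15:10Z|WS-022|C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE|C:\Windows\splwow64.exe|splwow64.exe 12288",
    r"2021-08-02T09:16:44Z|WS-031|C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe -w hidden -nop -File C:\Users\Public\s.ps1",
    "malformed line without the expected fields",
]

if __name__ == "__main__":
    for f in detect_office_child_processes(SAMPLE_EVENTS):
        print(f"{f.timestamp} {f.host}: {f.parent} -> {f.child}: {f.command_line}")
```

Running it against the sample events reports the two Excel-spawned rundll32 and PowerShell launches and ignores the normal explorer-to-Excel start and the Word print helper. In production the same logic maps directly onto a Sysmon Event ID 1 or EDR process-creation feed; tune the parent and child sets to your environment and treat any hit from a freshly downloaded workbook as a priority triage item.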
How to Protect Your Workforce
Millions of phishing attacks are launched every week, and 40% of company data is lost through employees who are unaware of the risks or less cautious on certain devices. Educating your workforce makes it harder for bad actors to find an entry point.
Here are the basics:
- Run effective company-wide security and compliance training (here’s how).
- Run a simulated phishing campaign to test your workforce.
- Keep the dialogue going, sharing active updates on threats like this one.
Some other helpful hints?
While many users are ditching Active Directory (this infographic shows you how) and filling the gaps with more intelligent Microsoft-driven alternatives, conducting a security assessment upfront is mission-critical for every organization. A security assessment helps your organization quickly pinpoint risk factors and act to prevent them from ever becoming issues.
The NIST Cybersecurity Framework has become the industry standard for gauging how thoroughly cybersecurity risk decisions are integrated into big-picture business operations, using four tiers to measure cybersecurity risk: partial, risk-informed, repeatable, and adaptable.