Microsoft Tech Support Scams Moving Towards Azure Cloud Services for Deployment (May 16, 2019)
Security researchers have found tech support scams in the wild that are hosted on the Microsoft Azure cloud platform, chosen for its ease of deployment and inexpensive web hosting. The Microsoft Azure feature “App Services” allows websites to be deployed quickly and in bulk in the cloud. One of the advantages of using Azure to host a site is that every website is secured using an SSL certificate from Microsoft. This can make some users think that they are on a legitimate site owned and operated by Microsoft. This apparent legitimacy helps to further the success of the scams, which pretend to be support sites for Microsoft and insist that the computer is infected with spyware or a virus. Once reported, links can stay active for 4-5 days before shutdown, giving threat actors time to create new Azure accounts and mass deploy another batch of websites to display scams. In addition to tech support scams, phishing sites are also moving to Azure cloud services to take advantage of Microsoft SSL certificates. Scammers are also utilizing Azure Blob Storage to store their phishing scams.
Recommendation: Technical support scams are common threats facing individuals and companies alike. Any image that appears and asks the user to call a phone number in order to receive assistance in repairing a machine is likely fake. Oftentimes, research blogs provide instructions to remove malware related to these types of scams from an infected machine. Policies should also be in place to educate your employees on the proper steps to avoid these scams, and whom to inform if such an instance occurs.
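Because a valid Microsoft-issued certificate says nothing about who controls the content, one way to triage web proxy logs is to treat Azure's customer-assigned hostnames as untrusted and flag those that also carry support-scam or login lure wording. This is an added example, not code from the story or from Microsoft; the hostname suffixes are Azure's default App Service and Blob Storage domains (not named in the story), and the lure terms, log format and sample lines are constructed assumptions.

```python
from urllib.parse import urlsplit

# Default hostnames Azure assigns to customer content: tenant-controlled,
# not Microsoft-operated sites. Not listed in the story; added for this example.
TENANT_SUFFIXES = {
    ".azurewebsites.net": "App Service",
    ".blob.core.windows.net": "Blob Storage",
}
# Assumed lure terms for support-scam and phishing pages (illustrative only).
LURE_TERMS = ("support", "virus", "spyware", "alert", "helpline", "login", "signin")

# Constructed proxy log lines: timestamp, client, URL, page title.
SAMPLE_LOG = """\
2019-05-16T09:01:11Z 10.0.0.12 https://contoso-intranet.azurewebsites.net/reports Quarterly reports
2019-05-16T09:02:40Z 10.0.0.31 https://win-alert-example.azurewebsites.net/index.html Microsoft Support: virus detected, call now
2019-05-16T09:03:05Z 10.0.0.31 https://examplestore01.blob.core.windows.net/web/signin.html Sign in to your account
2019-05-16T09:04:19Z 10.0.0.44 https://support.microsoft.com/en-us/windows Windows help
"""

def azure_tenant_service(url):
    """Return the Azure service name if the host is customer-controlled, else None."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    for suffix, service in TENANT_SUFFIXES.items():
        # The leading dot in each suffix prevents look-alike registered domains matching.
        if host.endswith(suffix):
            return service
    return None

def triage(log_text):
    """Return (client, url, service, matched_terms) for entries needing analyst review."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) < 4:
            continue  # skip malformed lines rather than guessing at fields
        _ts, client, url, title = parts
        service = azure_tenant_service(url)
        if service is None:
            continue  # not Azure customer hosting, out of scope for this check
        haystack = (url + " " + title).lower()
        terms = [t for t in LURE_TERMS if t in haystack]
        if terms:
            hits.append((client, url, service, terms))
    return hits

if __name__ == "__main__":
    for client, url, service, terms in triage(SAMPLE_LOG):
        print(f"{client} {service} {url} lure_terms={','.join(terms)}")
```

Hits are review candidates, not verdicts: legitimate internal apps also live on these hostnames, so an allowlist of the organization's own Azure sites belongs in front of this check.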
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.