Tech Support Scam Campaign Targets U.S. Organizations Through Malicious Ads
The emergence of a tech support scam has affected 48 U.S. organizations across multiple sectors, as reported by Netskope Threat Labs. The attack utilized Bing search ads to redirect users to malicious Azure Blob Storage sites.
Beginning on February 2, the scam’s tactic involved targeting users searching for familiar terms like “amazon” with misleading ads. Clicking on these ads led victims to visit highswit[.]space, which redirected them to Azure Blob Storage containers hosting typical tech support scam webpages. Notably, this approach facilitated significant engagement, revealing the potential risk present in seemingly benign online searches.
The malicious ads redirected users to URLs in Azure Blob Storage, utilizing a consistent format that underscores the structured deployment of the attack. The scams included a variety of phone numbers for contact, such as 1-866-520-2041 and 1-833-445-4045. Netskope identified multiple Azure Blob Storage domains that hosted the scams, capturing the investigative scope of the campaign.
This incident illustrates a broader trend of escalating tech support scams that exploit advertising mechanisms in search engines to gain traction. The impact is considerable as it poses risks not only to the organizations directly affected but also signals a pervasive vulnerability across various industries.
For defenders, maintaining vigilance against such misleading advertisements through threat intelligence and monitoring will be crucial. Security solutions like SIEMs can help detect such threats, while comprehensive vulnerability scanning ensures robust protection against these evolving scams.
Indicators of Compromise (IOCs):
- Malicious domains:
- highswit[.]space
- Azure Blob Storage domains (examples):
- 2222wny78new832zzz[.]blob[.]core[.]windows[.]net
- 222oo78new832zz[.]blob[.]core[.]windows[.]net
- Phone numbers:
- 1-866-520-2041
- 1-833-445-4045
- 1-855-369-0320
- 1-866-520-2173
- 1-833-445-3957
