
Microsoft warns millions of Windows users: Change your browser if new attacks are underway

Updated October 11, with details on Microsoft Edge’s proposed new technology to rival Google Chrome in terms of user privacy and security.

Microsoft just issued a new alert for millions of Windows users that “threat actors are increasingly using [new] tactics designed to bypass defense mechanisms.” These attacks have increased over the last six months and the company has now issued detailed recommendations.

The attacks that “abuse legitimate file hosting services are increasingly using defensive tactics to bypass restricted access files and view-only restrictions.” Ultimately, however, they still rely on a fraudulent website to harvest user credentials – this is the weak point in the attack chain and the best opportunity for users and their organizations to nip attacks in the bud.

This leads to Microsoft’s recommendation to “use Microsoft Edge to automatically identify and block malicious websites, including those used in this phishing campaign.” This leverages the connection between Edge and Microsoft Defender SmartScreen to provide “an early warning system about websites that may be conducting phishing attacks or attempting to spread malware through a targeted attack.”

Last month, I reported that Microsoft had issued the same warning to Chrome users about switching to Edge, in response to a zero-day vulnerability identified by threat hunters that prompted the US government to require all federal employees to update Chrome or stop using the browser completely.

Microsoft’s advisory asks companies to promote the use of “Microsoft Edge and other web browsers that support Microsoft Defender SmartScreen, which identifies and blocks malicious websites, including phishing websites, scam sites, and websites that host malware.” In simpler terms: not Google Chrome.

As I commented at the time: “Although there is a case for Edge over Chrome when it comes to malware protection, it seems a bit lopsided that a Microsoft product that competes with Chrome is now recommended for a CVE in a Microsoft-published security advisory, riding a wave of Chrome-generated advertising.”

There is no such specific approach this time, but Microsoft is pushing for a connected, enterprise approach to fending off such business compromises. The company is committed to moving Chrome users to Edge and has been called out in the past over security warnings that users saw when they installed Chrome on a Windows PC. So with that in mind, this appears to be part of that broader campaign.

The use of trusted file sharing platforms – especially Dropbox, SharePoint and OneDrive – is designed to entice employees to open files that appear to be covered by their company’s security wrapper. “The widespread use of such services also makes them attractive targets for threat actors, who exploit the trust and familiarity associated with these services to distribute malicious files and links, often evading detection by traditional security measures.”

Such attacks are not new, but the latest twist that Microsoft has identified is the use of files with access restricted to the recipient or files with view-only settings, both aimed at tricking corporate security systems into letting the links through and tricking users into trusting the malicious payload.

“Often,” says Microsoft, “users from trusted providers are added to allow lists through policies set by the organization for Exchange Online products so that phishing emails can be successfully delivered.” The attacks themselves have typical goals: theft of credentials, access to company systems and financial gain.

Because the chain begins with a compromise, allowing the attack to begin in a trusted environment, attackers can also tailor filenames to appear relevant to ongoing engagements: “familiar topics based on existing conversations… for example, when there have been previous interactions between the two organizations after a review, the shared files could be named ‘Audit report 2024’.” Microsoft has also seen such file names and outreach campaigns use urgent headlines to prompt immediate action.

Once the user has gone through MFA to access their legitimate file sharing platform and “the user has been successfully authorized and can view a document,” the next step is to create a file, “often disguised as a preview, with a malicious link, which is another ‘lure’ to get the target user to click on the ‘View My Message’ access link.”

This link takes the user to the fraudulent website created for the campaign, “where the user is asked to provide the password and complete multi-factor authentication (MFA). The compromised token can then be used by the threat actor to conduct a second-stage attack and continue the campaign.”

This is where the recommended enterprise use of Edge comes in, but Microsoft also recommends the use of Conditional Access policies, which can restrict access based on analysis of various signals, and the broader use of Microsoft Defender.

“By understanding these evolving threats and implementing recommended mitigations,” Microsoft says, “organizations can better protect themselves from these sophisticated campaigns and protect digital assets.”

This isn’t the only recent push for Windows users to switch to Edge, and we’ve just seen performance improvements highlighted as part of the campaign. But as I mentioned earlier, using this connected enterprise approach to combat business threats is smart. Pushing Edge as a CISO recommendation rather than a user choice would reach more users, and if the browser is successful, Edge may finally erode Chrome’s stunning dominance of the desktop browser market.

Security and performance aside, there’s perhaps an even more interesting development within Microsoft’s Edge ecosystem that could well have Chrome in its sights. And this could target a much more sensitive area when it comes to Chrome – privacy and the dreaded tracking cookies, which should have been dead long ago but have now been given new life.

As picked up by Neowin, Microsoft has just released details of “a limited preview of a new privacy-preserving ads API for developers on Microsoft Edge’s Canary and Dev channels… The API is called the Ad Selection API and is designed for displaying online ads, but in a more privacy-friendly way than using third-party cookies to track you across the internet.”

According to Microsoft, while this new proposal is “substantially similar to other ad serving proposals in terms of structure, flow, and syntax,” it has “some key differences in the overall model and infrastructure that we believe provide important capabilities [for the] open web ecosystem to effectively transition to privacy-preserving ad APIs.”

It’s still early days for Microsoft’s foray into privacy-preserving advertising technology, but the timing is pretty fitting. Google is struggling to find a replacement for tracking cookies that the advertising industry and regulators find acceptable. Microsoft doesn’t have the same vested interests and is therefore an interesting heavyweight to include now.

“We want to make the use of privacy-preserving advertising viable,” says Microsoft, which is clearly not the case today. Google’s latest proposal is to give consumers the option to opt out of tracking cookies and switch to a new, semi-anonymized tracking platform that can provide preferences to advertisers without enabling digital fingerprinting or cross-site tracking. The industry fears that most will opt out, as happened when Apple did the same, which would allow Google’s proposed solution to be deployed despite regulatory concerns. Against this background, alternative solutions will be interesting.

All in all, Microsoft is way behind with Edge, and one can’t help but think that AI search offers a greater chance of disruption than anything else. And that will pit Microsoft’s relationship with OpenAI against Google’s Gemini, which will be a much more open battle than security, performance or tracking, where users will have to make their choice.

Meanwhile, Microsoft is “rolling out the functionality to users gradually, so you may not even see it in the Canary and Dev channels,” Neowin explained. “If you want to turn it on manually, enter the following in the URL bar: edge://flags#edge-ad-selection-api and then enable the API. Unfortunately, the preview is still limited to limited regions and notably excludes the European Economic Area (EEA) and the United Kingdom.”
