
Cybercrime uses Microsoft Office 365 as a gateway to organizations

Barracuda Networks: Cybercriminals favor Microsoft Office 365 as a gateway to organizations. In March 2019, 29% of businesses' accounts were compromised by malicious hackers

Cybercriminals like to exploit Microsoft Office 365 accounts to launch cyber attacks against different targets, Barracuda Networks cyber security experts have found. According to the company's blog, a recent analysis of account-takeover (ATO) attacks found that 29% of organizations had their Office 365 accounts compromised by hackers in March 2019. More than 1.5 million malicious and spam emails were sent from the hacked accounts. The accounts were compromised using a variety of methods. In some cases, hackers leveraged usernames and passwords acquired in previous data breaches. They also use stolen passwords for personal email accounts, and access to those accounts, to try to get into business email. Brute-force attacks also succeed in taking over accounts because people use very simple passwords that are easy to guess and don't change them often enough. Attacks also come via web and business applications, including SMS.

The cyber security experts: Office 365 is exploited as a gateway to an organization and its data. For account-takeover (ATO) attacks, cybercriminals use brand impersonation, social engineering, and phishing

According to the cyber security experts, Office 365 is exploited as a gateway to an organization and its data, a lucrative payoff for cybercriminals. This is because the application is used by more than half of all global businesses, and adoption continues to grow quickly. For ATOs, the cybercriminals use brand impersonation, social engineering, and phishing to steal login credentials and gain access to accounts. Once accounts are compromised, malicious hackers monitor and track activity to learn how the company does business, the email signatures it uses, and the way financial transactions are handled, so they can launch successful attacks, including harvesting additional login credentials for other accounts.

The cyber attacks happen in four phases: infiltration, reconnaissance, credential harvesting against high-value targets, and attacks to monetize

The cyber attacks via Microsoft Office 365 start with infiltration. The second phase is reconnaissance. Scammers often set up mailbox rules to hide or delete any emails they send from the compromised account. In the third phase, they use the harvested credentials to target other high-value accounts, especially those of executives and finance department employees, and try to harvest their credentials through spear phishing and brand impersonation. Typically, cybercriminals try to get recipients to give up account credentials or click on malicious links. Attackers often use domain-spoofing techniques or lookalike domains to make their impersonation attempts convincing. Finally, according to Barracuda Networks, they use compromised accounts to monetize attacks by stealing personal, financial, and confidential data and using it to commit identity theft, fraud, and other crimes. Compromised accounts are also exploited to launch external attacks on partners and customers.
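The mailbox rules mentioned in the reconnaissance phase are something defenders can audit. The following is an added example, not code from Barracuda Networks or from the original article: a triage of exported inbox rules for the hide-or-delete pattern. The field names are borrowed from the output of Exchange Online's `Get-InboxRule` cmdlet, while the simplified record shape, the folder list, and the sample rules are assumptions constructed for illustration.

```python
"""Triage exported inbox rules for the hide-or-delete pattern (added example)."""

# Assumption: folders that users rarely open; tune this list for your tenant.
RARELY_READ = {"rss feeds", "rss subscriptions", "conversation history",
               "junk email", "deleted items", "archive"}
# Condition fields; a rule with none of them set matches all incoming mail.
CONDITION_KEYS = ("From", "SubjectContainsWords", "BodyContainsWords",
                  "SubjectOrBodyContainsWords", "SentTo")


def triage_rule(rule):
    """Return the reasons a single rule looks like it hides mail (empty if none)."""
    reasons = []
    folder = (rule.get("MoveToFolder") or "").strip().lower()
    if rule.get("DeleteMessage"):
        reasons.append("deletes matching mail")
    if folder in RARELY_READ:
        reasons.append(f"moves mail to rarely read folder '{folder}'")
    # The next two signals only matter when the rule already hides mail.
    if reasons and rule.get("MarkAsRead"):
        reasons.append("marks mail as read")
    if reasons and not any(rule.get(k) for k in CONDITION_KEYS):
        reasons.append("no conditions: applies to all incoming mail")
    return reasons


def triage_mailboxes(rules):
    """Group suspicious enabled rules by mailbox: {mailbox: [(name, reasons)]}."""
    findings = {}
    for rule in rules:
        if not rule.get("Enabled", True):
            continue
        reasons = triage_rule(rule)
        if reasons:
            findings.setdefault(rule["MailboxOwnerId"], []).append(
                (rule["Name"], reasons))
    return findings


SAMPLE_RULES = [  # constructed sample data, not from a real tenant
    {"MailboxOwnerId": "finance.user@example.com", "Name": ".", "Enabled": True,
     "DeleteMessage": True, "SubjectContainsWords": ["invoice", "payment"]},
    {"MailboxOwnerId": "finance.user@example.com", "Name": "Newsletters",
     "Enabled": True, "MoveToFolder": "Reading list", "From": ["news@example.org"]},
    {"MailboxOwnerId": "exec.user@example.com", "Name": "..", "Enabled": True,
     "MoveToFolder": "RSS Feeds", "MarkAsRead": True},
]

if __name__ == "__main__":
    for mailbox, hits in triage_mailboxes(SAMPLE_RULES).items():
        for name, reasons in hits:
            print(f"{mailbox}: rule {name!r}: " + "; ".join(reasons))
```

A flagged rule is a lead for review, not proof of compromise, since users create delete and move rules for legitimate reasons.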
