How Attackers Use Business Email to Compromise Office 365

By: Chris Morales
December 3, 2020

The FBI recently issued a Private Industry Notification that cyberattackers are assigning auto-forwarding rules to victims’ web-based email clients to conceal their activities. Attackers then capitalize on this reduced visibility to increase the likelihood of a successful business email compromise (BEC).

This is serious stuff. Last year, the Internet Crime Complaint Center (IC3) reported losses of more than $1.7 billion worldwide due to BEC actors.

This brings up the cyberthreat that’s been plaguing Microsoft Office 365 accounts, which includes the Outlook mail client and Exchange mail server. With more than 200 million monthly subscribers, Office 365 is a rich target for cybercriminals. And every month, 30% of organizations that use it fall victim to attackers.

Although Office 365 gives the new distributed workforce a primary domain in which to conduct business, it also creates a central repository of data and information that’s easy for attackers to exploit.

Instead of malware, attackers use the tools and capabilities that are available by default in Office 365, living off the land and staying hidden for months. Forwarding emails is just one of many techniques to worry about. After attackers gain a foothold in an Office 365 environment, several things can happen, including:

  • Searching through emails, chat histories, and files looking for passwords or other useful data
  • Setting up forwarding rules to access a steady stream of emails without needing to sign in again
  • Hijacking a trusted communication channel, such as sending an illegitimate email from the CEO’s official account to socially engineer employees, customers and partners
  • Planting malware or malicious links in trusted documents to manipulate people into circumventing prevention controls that trigger warnings
  • Stealing or encrypting files and data for ransom

Vectra research on the Top 10 most common attack techniques used against Office 365 found suspicious mail forwarding to be the eighth most common malicious behavior.
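
One way to hunt for the forwarding behavior described above, as an added example that is not from the original post or from Vectra: a Python check that flags inbox-rule or mailbox changes sending mail to addresses outside the organization. The sample records, the domain `contoso.example`, and the function names are constructed for illustration; the records assume the Name/Value parameter layout of Exchange entries in the Office 365 unified audit log.

```python
import json

# Assumption: the organization's own mail domains (constructed value).
INTERNAL_DOMAINS = {"contoso.example"}
WATCHED_OPS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                  "ForwardingSmtpAddress", "ForwardingAddress"}
HIDING_PARAMS = {"DeleteMessage", "MarkAsRead"}  # reduce the owner's visibility

# Constructed sample audit records, one JSON object per line.
SAMPLE_LOG = """\
{"Operation":"New-InboxRule","UserId":"alice@contoso.example","Parameters":[{"Name":"ForwardTo","Value":"drop@mailbox.example"},{"Name":"DeleteMessage","Value":"True"}]}
{"Operation":"New-InboxRule","UserId":"bob@contoso.example","Parameters":[{"Name":"ForwardTo","Value":"carol@contoso.example"}]}
{"Operation":"Set-Mailbox","UserId":"dave@contoso.example","Parameters":[{"Name":"ForwardingSmtpAddress","Value":"smtp:dave.backup@freemail.example"},{"Name":"DeliverToMailboxAndForward","Value":"True"}]}
{"Operation":"MailItemsAccessed","UserId":"erin@contoso.example"}
not-json-truncated line
"""

def external_targets(value):
    """Return addresses in a parameter value whose domain is not internal."""
    found = []
    for item in value.replace(",", ";").split(";"):
        addr = item.strip().strip('"').lower()
        if addr.startswith("smtp:"):
            addr = addr[5:]
        if "@" in addr and addr.rsplit("@", 1)[1] not in INTERNAL_DOMAINS:
            found.append(addr)
    return found

def find_external_forwarding(log_text):
    """Flag rule or mailbox changes that send mail outside the organization."""
    findings = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines
        if not isinstance(rec, dict) or rec.get("Operation") not in WATCHED_OPS:
            continue
        params = {p["Name"]: str(p["Value"]) for p in rec.get("Parameters", [])}
        targets = [a for n in params.keys() & FORWARD_PARAMS
                   for a in external_targets(params[n])]
        if targets:
            hides = sorted(n for n in HIDING_PARAMS
                           if params.get(n, "").lower() == "true")
            findings.append({"user": rec.get("UserId"), "op": rec["Operation"],
                             "targets": sorted(targets), "hides": hides})
    return findings
```

A finding that also lists `DeleteMessage` or `MarkAsRead` under `hides` deserves priority, since the rule both sends mail out and keeps the mailbox owner from noticing it.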

Office 365 Tools and Services Attackers Use

It’s critical to keep a watchful eye on the misuse of account privileges for Office 365, given its prevalence in real-world attacks. Security measures like multifactor authentication (MFA) no longer stop attackers in this new cybersecurity landscape.

Office 365 and other SaaS platforms are a safe haven for attacker lateral movement, making it paramount to detect and respond to account privilege abuse when users access applications and services in cloud environments.

This is precisely what Cognito Detect for Office 365 does. It enables security teams to quickly and easily identify and mitigate hidden attackers in SaaS platforms like Office 365 so that it’s no longer a safe haven for cybercrooks.

If you want to see all this for yourself, you can get a 30-day free trial here. No credit card required!

About the author

Chris Morales

Chris Morales is Head of Security Analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. He has nearly two decades of information security experience in an array of cybersecurity consulting, sales, and research roles. Christopher is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes.
