The FBI recently issued a Private Industry Notification that cyberattackers are assigning auto-forwarding rules to victims’ web-based email clients to conceal their activities. Attackers then capitalize on this reduced visibility to increase the likelihood of a successful business email compromise (BEC).
This is serious stuff. Last year, the Internet Crime Complaint Center (IC3) reported losses of more than $1.7 billion worldwide due to BEC actors.
This brings up the cyberthreat that’s been plaguing Microsoft Office 365 accounts, which includes the Outlook mail client and Exchange mail server. With more than 200 million monthly subscribers, Office 365 is a rich target for cybercriminals. And every month, 30% of organizations that use it fall victim to attackers.
Although Office 365 gives the new distributed workforce a primary domain in which to conduct business, it also creates a central repository of data and information that’s easy for attackers to exploit.
Instead of malware, attackers use the tools and capabilities that are available by default in Office 365, living off the land and staying hidden for months. Forwarding emails is just one of many techniques to worry about. After attackers gain a foothold in an Office 365 environment, several things can happen, including:
Vectra research on the Top 10 most common attack techniques used against Office 365 found suspicious mail forwarding to be the eighth most common malicious behavior.
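As an added example (not Vectra's code and not how Cognito Detect works), the following Python sketch flags the forwarding behavior described above in exported Office 365 unified audit log records. It assumes one JSON record per line with the Exchange admin audit fields `Operation`, `UserId`, `ClientIP`, `CreationTime` and `Parameters`; the `INTERNAL_DOMAINS` allow-list, the helper names and the sample records are constructed for illustration.

```python
import json

# Exchange cmdlet parameters that send a copy of mail to another address.
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo", "ForwardingSmtpAddress"}
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
# Assumption: domains the organization owns (exact match); anything else is external.
INTERNAL_DOMAINS = {"example.com"}

# Constructed sample records, one JSON object per line (not real log data).
SAMPLE_LOG = """
{"CreationTime": "2020-12-01T09:14:02", "Operation": "New-InboxRule", "UserId": "alice@example.com", "ClientIP": "203.0.113.7", "Parameters": [{"Name": "Name", "Value": "."}, {"Name": "ForwardTo", "Value": "smtp:drop@mail.example.net"}]}
{"CreationTime": "2020-12-01T10:02:40", "Operation": "New-InboxRule", "UserId": "bob@example.com", "ClientIP": "198.51.100.20", "Parameters": [{"Name": "ForwardTo", "Value": "carol@example.com"}]}
{"CreationTime": "2020-12-02T03:31:15", "Operation": "Set-Mailbox", "UserId": "dave@example.com", "ClientIP": "203.0.113.9", "Parameters": [{"Name": "ForwardingSmtpAddress", "Value": "smtp:archive@example.org"}, {"Name": "DeliverToMailboxAndForward", "Value": "True"}]}
{"CreationTime": "2020-12-02T08:00:00", "Operation": "New-InboxRule", "UserId": "erin@example.com", "ClientIP": "198.51.100.21", "Parameters": [{"Name": "MoveToFolder", "Value": "Newsletters"}]}
"""

def parse_log(text):
    """Parse newline-delimited JSON audit records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def external_targets(value):
    """Return the addresses in a parameter value whose domain is not internal."""
    targets = []
    for item in value.replace(",", ";").split(";"):
        addr = item.strip().strip('"').lower()
        if addr.startswith("smtp:"):
            addr = addr[5:]
        if "@" in addr and addr.rsplit("@", 1)[1] not in INTERNAL_DOMAINS:
            targets.append(addr)
    return targets

def find_external_forwarding(records):
    """Return one finding per record that sets forwarding to an external address."""
    findings = []
    for rec in records:
        if rec.get("Operation") not in RULE_OPERATIONS:
            continue
        params = {p["Name"]: p.get("Value", "") for p in rec.get("Parameters", [])}
        hits = [t for name in params.keys() & FORWARD_PARAMS
                for t in external_targets(params[name])]
        if hits:
            findings.append({"user": rec.get("UserId"), "operation": rec["Operation"],
                             "time": rec.get("CreationTime"),
                             "client_ip": rec.get("ClientIP"), "targets": sorted(hits)})
    return findings

if __name__ == "__main__":
    for finding in find_external_forwarding(parse_log(SAMPLE_LOG)):
        print(finding)
```

Internal forwards and rules that only move mail between folders are ignored, so the findings are limited to changes that send mail outside the organization and can be reviewed with the affected user.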
It’s critical to keep a watchful eye on the misuse of account privileges for Office 365, given its prevalence in real-world attacks. Security measures like multifactor authentication (MFA) no longer stop attackers in this new cybersecurity landscape.
Office 365 and other SaaS platforms are a safe haven for attacker lateral movement, making it paramount to detect and respond to account privilege abuse when users access applications and services in cloud environments.
This is precisely what Cognito Detect for Office 365 does. It enables security teams to quickly and easily identify and mitigate hidden attackers in SaaS platforms like Office 365 so that it’s no longer a safe haven for cybercrooks.
Chris Morales is Head of Security Analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. He has nearly two decades of information security experience in an array of cybersecurity consulting, sales, and research roles. Christopher is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes.