A Barracuda report released Aug. 30 said that bad actors are using spear-phishing, account compromise, and insider impersonation to target Office 365 users.
Both Federal and state governments use Office 365 for reasons such as cost savings, security, privacy, and accessibility. The State of New York saved $3 million a year when it adopted Office 365 and the city of Chicago experienced an 80 percent decrease in cost per employee. Microsoft also restricts content so it’s only shared with intended users, and includes tools to make its technology accessible to people who are visually impaired, deaf, or hard of hearing.
“Many phishing attempts are easy for end users to sniff out because they contain bold requests, misspelled words, or questionable attachments that raise red flags,” the report stated. “However, we are seeing an increase in the number of attacks that are much more difficult to spot due to the personalized nature in which they are carefully crafted and delivered.”
Barracuda found that recent phishing attempts have claimed that user accounts “had been suspended,” which is unusual for an Office 365 account. This type of attack is an attempt to steal the user’s account credentials and gain access to the account. If users fall for this phishing attempt and click the link, it will take them to a landing page where they’ll be prompted to provide their login information. Once the credentials are entered, the hackers have what they need to get into the account.
From there, hackers can set up forwarding rules that allow them to monitor the user’s communications. The information could be used to formulate future, higher-level attacks.
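Because mail forwarding set up on a compromised account keeps working after the password is reset, auditing mailboxes for forwarding to outside domains is a useful follow-up check. The sketch below is an added example, not from the Barracuda report; the record layout, field names, and domains are constructed for illustration and would need to be mapped to whatever your mail platform exports.

```python
from email.utils import getaddresses

# Constructed sample records; the field names are hypothetical, not a Microsoft schema.
SAMPLE_RULES = [
    {"mailbox": "alice@example.gov", "rule_name": "Team digest", "enabled": True,
     "forward_to": ["Bob <bob@example.gov>"], "redirect_to": []},
    {"mailbox": "carol@example.gov", "rule_name": ".", "enabled": True,
     "forward_to": ["archive@mail-backup.example.net"], "redirect_to": []},
    {"mailbox": "dave@example.gov", "rule_name": "old", "enabled": False,
     "forward_to": [], "redirect_to": ["DAVE.personal@Example.ORG"]},
    {"mailbox": "erin@example.gov", "rule_name": "sync", "enabled": True,
     "forward_to": ["x@example.gov.lookalike.example"], "redirect_to": []},
]


def domain_of(address):
    """Return the lower-cased domain of an address, or '' if it cannot be parsed."""
    parsed = getaddresses([address])
    addr = parsed[0][1] if parsed else ""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def find_external_forwarding(rules, internal_domains):
    """List every forward/redirect target whose domain is not an exact internal match."""
    internal = {d.lower() for d in internal_domains}
    findings = []
    for rule in rules:
        for target in rule.get("forward_to", []) + rule.get("redirect_to", []):
            domain = domain_of(target)
            # Exact match only: a prefix or substring test would accept
            # look-alike hosts such as example.gov.lookalike.example.
            if domain in internal:
                continue
            findings.append({
                "mailbox": rule["mailbox"],
                "rule_name": rule["rule_name"],
                "target_domain": domain or "(unparseable)",
                # Disabled rules are still reported: they can be evidence of
                # an earlier compromise or be switched back on later.
                "enabled": rule.get("enabled", True),
            })
    return findings


if __name__ == "__main__":
    for f in find_external_forwarding(SAMPLE_RULES, ["example.gov"]):
        print(f)
```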
The hacker could also use the newly obtained account to send similar messages asking for users’ credentials within the organization. The other users will assume that the message was written by the user whose account was stolen. One method that hackers have been using is sending a PDF attachment that appears as though a colleague has forwarded a document for review, along with instructions in the email that say the document can be accessed by entering a work email and password.
Another way for the hacker to steal credentials is by sending an invoice that requires the user to log on to a Web portal to view the fake bill. Bad actors often ask the user to complete an urgent action, such as paying a bill or forwarding sensitive information like employee tax details, according to Barracuda.
Barracuda recommended that companies train users to be on the lookout for these techniques so they’ll know how to properly identify and avoid them. Barracuda also recommended that companies use the multifactor authentication that is available with Office 365 or through Azure, and use a real-time spear-phishing defense platform that can identify and weed out spam emails.