Experts Warn of Office 365 Account Takeover Surge
Over 1.5 million malicious and spam emails were sent from thousands of compromised Office 365 accounts in just one month thanks to a surge in account takeovers (ATOs), according to Barracuda Networks.
The security vendor yesterday revealed new findings from an analysis of cloud-based email accounts under fire from ATO attempts in March.
It claimed over a quarter (29%) of organizations it monitored had Office 365 accounts compromised by attackers, often via credential stuffing using previously breached credentials, stolen passwords from the same user’s personal email account, brute force attacks, and other web and application channels.
One of the most popular tactics is phishing emails which impersonate Microsoft and request Office 365 log-ins from the unwitting recipient.
“With more than half of all global businesses already using Office 365 and adoption continuing to grow quickly, hackers have set their sights on taking over accounts because they serve as a gateway to an organization and its data — a lucrative payoff for the criminals,” warned Barracuda Networks VP of content security services, Asaf Cidon.
Once an account has been taken over, hackers don’t usually launch an attack from it immediately.
“Instead, they monitor email and track activity in the company, to maximize the chances of executing a successful attack,” Cidon explained.
“As part of their reconnaissance, scammers often set up mailbox rules to hide or delete any emails they send from the compromised account. In the March 2019 analysis performed by Barracuda researchers, hackers set up malicious rules to hide their activity in 34% of the nearly 4000 compromised accounts.”
The attackers ..