Office 365 – the online, subscription-based version of Microsoft’s office application suite – is one of the most popular and widely used enterprise cloud applications/services, which makes it the preferred target of hackers trying to gain access to sensitive and private business data.
The UK’s National Cyber Security Centre has warned users, ““Once an actor has obtained credentials for an O365 account, not only can the account access be used to access documents across a user’s O365 surface (SharePoint, OneNote etc.) but it can also be used as a launchpad to carry out further compromises within an organisation,”
“(We are) aware of several incidents involving the compromise of O365 accounts within the UK, including the use of such methods in targeted supply chain attacks. The ultimate objective of this type of targeting is not clear and the attacks appear not to be limited to any particular sector or attributed to any single threat actor.”
How Is This Happening?
Hackers are continuously discovering new ways to bypass Office 365’s built-in security. Many of the accounts that fall victim to these attacks have fallen victim to previously compromised Office 365 accounts.
These attackers are usually searching for information and access that can be used to steal money, sensitive commercial information, distribute Spear Phishing emails and gain access to other’s online accounts.
According to the NCSC, these attackers usually opt for one of two approaches: Brute Force or Spear Phishing. Brute Force is often limited to specific users within an organisation. Spear Phishing usually leads targets to a mimic of an Office 365 login page, which is designed to harvest entered account details.
How To Reduce Risk
By using a password manager you can minimise the effectiveness of both Brute Force and Spear Phishing. By choosing a long, complex password that is difficult to break in to.
The NCSC advises that organisations implement another layer of security, which is Multi-Factor Authentication (MFA)
“The O365 platform supports a number of different MFA mechanisms and depending on the subscription, organisations are able to use a mixture of different deployments,” they said.
“To implement MFA effectively across an organisation’s O365 platform will require IT departments to understand the user group to which they are intending to roll it out. This is especially crucial when organisations are dealing with a diverse workforce. As an example, organisations that have employees deployed in locations with poor mobile phone coverage may have problems receiving SMS tokens, causing difficulties in access to the O365 platform. In this scenario, organisations should consider the different MFA mechanisms available to them to avoid reluctance in adoption across the wider organisation.”