Compromised Office 365 Accounts Used to Send 1.5 Million Email Threats in March

Microsoft Office 365 remains an attractive target for cybercriminals as it continues to be used by businesses worldwide. In a new report, Barracuda Networks revealed that more than 1.5 million malicious and spam emails were sent from thousands of its customers' compromised Office 365 accounts in March 2019 alone. The report attributes this massive total to an increase in account takeover attacks.


Credential harvesting behind account takeovers

The report details the various methods cybercriminals employ to take over Office 365 accounts. One of the most popular methods is the use of phishing emails that trick users into visiting impersonated Office 365 login forms. Once users log in, cybercriminals gain access to their email accounts. In 2018, the Trend Micro™ Cloud App Security™ solution detected 3.5 million attacks of this type.

Apart from using phishing emails, other methods used in compromising email accounts include using previously stolen passwords from the same user’s personal email account, brute-force attacks, and credential stuffing via previously breached credentials. Web and application channels were also used to compromise email accounts.

What happens after account takeover

Cybercriminals don’t immediately launch an attack after an account has been compromised. They will conduct reconnaissance first to maximize their chances of executing a successful attack. To do this, they set up mailbox rules to hide or delete emails they send using the compromised account. Cybercriminals were found doing this in 34% of the nearly 4,000 compromised accounts, based on the March 2019 analysis done by researchers from Barracuda Networks.

Once cybercriminals have gathered significant information about a company, for example, what email signatures it uses and how it handles financial transactions, they proceed to target other high-value accounts, with a focus on executives and employees in the finance department.
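The mailbox rules described above can be hunted for in exported mailbox audit records. The following is an added example, not code from the Barracuda report or from Trend Micro; the sample events are constructed, and the record layout and the list of rarely opened folders are assumptions to adapt to your own export.

```python
import json

# Constructed sample audit events (not real data). The layout (Operation,
# UserId, Parameters as Name/Value pairs) is an assumption modelled on
# exported Exchange mailbox-rule audit records.
SAMPLE_EVENTS = json.loads("""[
 {"CreationTime": "2019-03-04T08:12:10", "UserId": "alice@example.com",
  "Operation": "New-InboxRule", "ClientIP": "203.0.113.7",
  "Parameters": [{"Name": "Name", "Value": "."},
                 {"Name": "SubjectOrBodyContainsWords", "Value": "invoice;payment"},
                 {"Name": "DeleteMessage", "Value": "True"}]},
 {"CreationTime": "2019-03-04T09:30:00", "UserId": "bob@example.com",
  "Operation": "New-InboxRule", "ClientIP": "198.51.100.20",
  "Parameters": [{"Name": "Name", "Value": "Newsletters"},
                 {"Name": "MoveToFolder", "Value": "Newsletters"}]},
 {"CreationTime": "2019-03-05T02:44:51", "UserId": "carol@example.com",
  "Operation": "Set-InboxRule", "ClientIP": "203.0.113.7",
  "Parameters": [{"Name": "Name", "Value": "sync"},
                 {"Name": "MoveToFolder", "Value": "RSS Feeds"},
                 {"Name": "MarkAsRead", "Value": "True"}]},
 {"CreationTime": "2019-03-05T03:00:00", "UserId": "carol@example.com",
  "Operation": "MailboxLogin", "ClientIP": "203.0.113.7", "Parameters": []}
]""")

RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule"}
# Folders users rarely open; an assumed list, tune it per tenant.
LOW_ATTENTION_FOLDERS = {"rss feeds", "rss subscriptions", "junk email",
                         "conversation history", "deleted items"}

def rule_findings(event):
    """Return the reasons a mailbox-rule event hides or deletes mail."""
    if event.get("Operation") not in RULE_OPERATIONS:
        return []
    params = {p["Name"]: str(p["Value"]) for p in event.get("Parameters", [])}
    is_true = lambda key: params.get(key, "").lower() == "true"
    reasons = []
    if is_true("DeleteMessage"):
        reasons.append("deletes matching messages")
    folder = params.get("MoveToFolder", "").strip().lower()
    if folder in LOW_ATTENTION_FOLDERS:
        reasons.append("moves messages to a rarely opened folder")
    if folder and is_true("MarkAsRead"):
        reasons.append("moves messages and marks them read")
    return reasons

def flag_suspicious_rules(events):
    """Return (time, user, client IP, reasons) for every flagged rule event."""
    return [(e["CreationTime"], e["UserId"], e.get("ClientIP"), r)
            for e in events if (r := rule_findings(e))]
```

Flagged rules are leads for review rather than proof of compromise, since users also create delete and move rules for ordinary mail filtering.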


Security recommendations

An account takeover attack is just one of the many contrivances of cybercriminals who continue to abuse email to gain a foothold in an enterprise’s IT system. The use of advanced tactics in email attacks, for example, legitimate-looking but fake login forms, should remind enterprises to set up an efficient multilayered defense strategy.

Cloud App Security, which can be integrated into an enterprise’s existing email gateway, combines artificial intelligence (AI) and computer vision technologies to help detect and block attempts at credential phishing that use fake login forms to deceive email users. After suspected phishing emails pass through sender, content, and URL reputation analyses, computer vision technology and AI will examine the remaining URLs to check if a legitimate login page’s branded elements, login form, and other website components are being spoofed.

Apart from using advanced security solutions, enterprises can also benefit from informing their employees of best practices against email threats and making them undergo a free phishing simulation and user training. Users can protect their accounts by using two-factor authentication (2FA), which involves the use of a password in combination with another form of identification such as generated codes/numbers sent to their phone.

