The Latest Techniques Hackers Use to Compromise Office 365

Cyber-attacks via the widely used Microsoft Office 365 application are becoming more and more advanced.

Sophisticated phishing attacks are one of the most insidious methods that hackers employ to gain access to a system. As one of the most-used applications on the planet, Microsoft Office 365 is a prime target for cybercriminals. Aside from being subjected to standard phishing and spear phishing attacks, it is also targeted with a myriad of unique cyber-attack techniques that can compromise the entire platform, regardless of the identity and access management protocols that have been implemented.

 

Attack Techniques

The most common type of cyber-attack that Microsoft Office 365 faces is phishing. Cybercriminals have become relentless in their efforts, using increasingly innovative and sophisticated forms of phishing. These phishing attempts are also more dynamic, using a unique sender IP, subject line and URL for different attacks.

 

The ‘Action Required’ Phishing Attack

This attack comes in the form of a message whose subject line prompts the recipient to follow up with action. Typically, it tells them to revalidate an account associated with them because the information is outdated. The message also contains a link hosted on a hacked legitimate website, which is used to bypass reputation-based email filtering. This form of attack is used to trick recipients into disclosing their Microsoft Office 365 credentials, and can also be the initial step in a multiphase, lateral cyber-attack within the organisation.

 

The Voice Message Phishing Attack

This unique attack comes in the form of an email whose subject line tells the recipient that they have received a voice message from a partially hidden phone number. It also includes the first name of the recipient, the supposed duration of the voice message and a phishing link.

 

A voice message phishing attack can also show ‘microsoft.com’ as the domain of the sender's address, making it appear like a standard system message from Microsoft. The phishing link then redirects the recipient to a phishing site disguised as a Microsoft login page, which is designed for credential theft.

 

The Shared File Phishing Attack

In this form of attack, a file-sharing notification is sent in an email with a generic sender name. Once clicked, the link redirects the recipient to a OneDrive page that requires login details. This particular attack relies on the recipient assuming that they have been accidentally logged out of OneDrive, and steals the credentials when a new login attempt is made.

 

Preventive Measures

Many of these attacks can slip under the radar of standard security protocols. Office 365’s built-in reputation-based and signature-based countermeasures can also fail to detect these threats. Currently, there are two risk mitigation methods that can be implemented to keep these sophisticated phishing attacks from resulting in credential theft.

 

The first is awareness training for users. Users are the final line of defence for identifying a phishing attack that has slipped past established IT security software and protocols.

 

Another effective method of containing these phishing threats is to add a native security layer within Office 365, through an API, that complements Microsoft’s Exchange Online Protection (EOP). Using artificial intelligence combined with machine learning, the native solution can analyse behaviours in real time to identify and protect against new threats.

 

A predictive approach such as this can be used to detect inconsistent behaviours and abnormal characteristics in email crafting and delivery, which makes it possible to anticipate and identify complex cyber-attacks.
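
As an added illustration (not from the original article, and rule-based rather than the machine-learning layer described above), the following Python checks one message for the inconsistencies the article describes: a lure subject line, a sender claiming microsoft.com that fails sender authentication, and links leading to non-Microsoft hosts. The suffix allowlist, indicator names and sample message are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: suffixes accepted as genuine Microsoft link destinations.
MS_SUFFIXES = ("microsoft.com", "microsoftonline.com", "office.com", "sharepoint.com")
# Subject-line lures for the three attack types the article describes.
LURES = {
    "action_required": re.compile(r"action required|revalidate", re.I),
    "voice_message": re.compile(r"voice ?(message|mail)", re.I),
    "shared_file": re.compile(r"shared .*(file|document)", re.I),
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
AUTH_FAIL_RE = re.compile(r"\b(spf|dkim|dmarc)=(fail|softfail)\b", re.I)

def is_microsoft(host):
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in MS_SUFFIXES)

def text_of(msg):
    """Concatenate the decoded text/* parts of a message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def findings(raw):
    """Return sorted indicator strings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    out = {"lure:" + n for n, p in LURES.items() if p.search(msg.get("Subject", ""))}
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    link_hosts = {urlparse(u).hostname for u in URL_RE.findall(text_of(msg))}
    if is_microsoft(sender_domain):
        # Mail claiming to come from Microsoft should pass sender authentication...
        if AUTH_FAIL_RE.search(" ".join(msg.get_all("Authentication-Results", []))):
            out.add("spoofed_sender_auth_fail")
        # ...and its links should not lead to non-Microsoft hosts.
        out |= {"offbrand_link:" + h for h in link_hosts if h and not is_microsoft(h)}
    return sorted(out)

# Constructed sample message (not real traffic).
PHISH = ("From: Microsoft <no-reply@microsoft.com>\n"
         "Subject: Alice, you have a new voice message (00:42) from +65 6*** **68\n"
         "Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=microsoft.com; dmarc=fail\n\n"
         "Listen here: https://hacked-site.example/voicemail/login\n")
if __name__ == "__main__":
    print(findings(PHISH))
```

A non-empty result is a reason to quarantine or review the message, not proof of phishing; the allowlist would need tuning to the organisation's own mail flow.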

 

What measures has your organization taken to prevent cyber-attacks via business applications?

 

 

 

To learn more about cyber-security countermeasures, contact us at info@adnovum.sg or 6536 0668.