
Hackers are targeting MS Office 365 applications

Updated Mon, January 30, 2023 11:53 EST

A few years ago, cloud technology was unheard of in the IT landscape, with only a few tech-savvy organizations aware of it. Nowadays, cloud platforms have reached more than 80% usage among organizations as businesses have increasingly turned digital.

One of the best-in-class productivity apps, Microsoft 365 brings a host of services together on a single platform so that organizations can run their business efficiently. Office 365 is now known as Microsoft 365 and is now the most widely used cloud-based subscription service.

The cloud platform allows cost savings, collaborative ventures, and operational scalability. The challenges are greater when one is using Office 365. With 155+ million active commercial users of Office 365 every month, it has become a prime target for cybercriminals.

The new version of Office 365 is used not only in large corporations but also widely by small businesses and consumers, thanks to its artificial intelligence features and productivity tools.

Encompassing various services such as SharePoint, OneDrive, Exchange, Teams, Word, Excel, and PowerPoint, the growth of Office 365 has been impressive. The sheer amount of data stored through this application on the cloud has become a tempting target for sophisticated hackers.

The hackers are aware of the massive amount of data stored in Office 365. Hence, they have been targeting Office 365 applications. Organizations also use Office 365 as a gateway to access other applications with a single sign-on platform. The hackers naturally have a huge interest in the data because it is cloud-based and can be accessed remotely from any part of the world.

Hackers target employees to compromise an organization's network.  Targeting individuals is easy. One can quickly get a list of email addresses of employees. Attackers use brute force or spearphishing or even crack weak passwords to enter the system.  The other attacks are sophisticated, like credential theft. This allows them to log into the VPN, move around the network stealthily, and wait for opportunities to increase their access privileges for Office 365. 

Campaigns by hackers to compromise Office 365

Hackers use phishing emails to target email accounts. These fake emails may be purportedly from banks, service providers giving attractive offers, or even offering lucrative jobs.   This tactic is used to trick unsuspecting recipients into handing over their account credentials.  If the users are corporate employees, it becomes easier for the hackers to break into the Office 365 accounts. 

Hackers thrive on fear. One new phishing technique was an email informing the recipient about a meeting with the boss. The moment the employee clicked on the link, it took them to a fake Microsoft Outlook sign-in page that stole the account credentials immediately on login. Another campaign uses a live chat feature that creates an impression of authenticity.

There is another one: non-delivery notifications from an Office 365 email account that prompt the sender to "send again." When the link is clicked, it takes the user to a phishing site that looks similar to an Office 365 email login screen.

Malware infiltration technique

Another method to target Office 365 users is by injecting malware into the system when a user merely previews a document in their email. One drawback of Office 365 is that its Office Preview process does not check the trustworthiness of the source of the documents before generating a preview, and hackers are taking advantage of this.

According to a principal consultant at the cybersecurity research firm FireEye Mandiant, a significant number of credential attacks are by nation-state attackers. These attackers are notorious for exploiting cloud-based services to access sensitive information that their sponsors want to see. They infiltrate the Office 365 environment and from there use the security tools to access everything undetected. Every mailbox, every SharePoint document, every Teams chat, and more is searched and accessed. And if this is not enough, the attackers move further, stealing credentials that allow them to access more companies and departments to extract lucrative information.

This is not to say that Office 365 has security vulnerabilities that attackers are targeting. The reality is that Office 365 has become such a core part of corporate and government organizations' IT infrastructure that it becomes the principal and most attractive target to breach.

On the opposite end, corporations, users, and even small businesses are aware of the cybercrimes taking place at random and thus taking steps to secure themselves from malicious attacks.  However, with hackers changing their strategies and shifting the targets, it means that improvements in security defense are still a work in progress. 

A few simple steps to enhance security

The first step, which should now be treated as the Bible, is to ensure no passwords are easy to guess. Easily guessed passwords are the weakest line of defense. IT departments of organizations should set up a password management system that is not easily compromised.

The second step is to ensure multi-factor authentication across the organization. If a password is stolen as a part of credential theft, there is an internal monitoring system to track suspicious logins and activate the second layer of defense. 

These two steps are basic, but they are the most important things that every user and every application in an organization needs to implement. Together with continuous monitoring of network activities, usually with the help of third-party cybersecurity firms, they can prevent any significant damage.

Though Office 365 has good security, one still needs to protect against advanced persistent threats (APTs). These attacks unfold over an extended time, often undetected, which means that robust round-the-clock monitoring is required to spot suspicious logins.

One of the ways to monitor for and understand APTs is to watch for elevated logins at night. A high volume of unusual logins across multiple servers, or on high-profile individual systems with maximum access privileges, happens mainly at night. This is because attackers live on the other side of the world.
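
The night-login signal described above can be checked mechanically. The following is an added example, not part of the original article: it flags privileged accounts that sign in several times on multiple hosts during a single night. The log records, account names, UTC-5 office offset, 22:00-06:00 window, and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, time, timedelta, timezone

# Assumptions for this example: office local time is UTC-5, "night" is 22:00-06:00.
LOCAL_TZ = timezone(timedelta(hours=-5))
NIGHT_START, NIGHT_END = time(22, 0), time(6, 0)
PRIVILEGED = {"admin.lee", "svc.backup"}  # constructed account names

# Constructed sign-in records: (UTC timestamp, account, host). Not a real log schema.
SAMPLE_EVENTS = [
    ("2023-01-24T14:05:00+00:00", "admin.lee", "mail-01"),
    ("2023-01-24T15:30:00+00:00", "j.doe", "share-02"),
    ("2023-01-25T03:40:00+00:00", "j.doe", "share-02"),
    ("2023-01-25T04:10:00+00:00", "admin.lee", "mail-01"),
    ("2023-01-25T04:12:00+00:00", "admin.lee", "share-02"),
    ("2023-01-25T07:55:00+00:00", "admin.lee", "teams-03"),
    ("2023-01-25T09:20:00+00:00", "svc.backup", "share-02"),
]

def is_night(local_dt):
    """True inside a window that wraps past midnight."""
    t = local_dt.time()
    return t >= NIGHT_START or t < NIGHT_END

def night_key(local_dt):
    """Attribute post-midnight logins to the evening on which the night began."""
    if local_dt.time() < NIGHT_END:
        return (local_dt - timedelta(days=1)).date()
    return local_dt.date()

def flag_night_logins(events, min_logins=3, min_hosts=2):
    """Return {(account, night): sorted hosts} for privileged accounts
    that meet both thresholds within one night."""
    logins = defaultdict(list)
    for ts, account, host in events:
        # Convert to office local time before deciding what counts as "night".
        local_dt = datetime.fromisoformat(ts).astimezone(LOCAL_TZ)
        if account in PRIVILEGED and is_night(local_dt):
            logins[(account, night_key(local_dt))].append(host)
    return {
        key: sorted(set(hosts))
        for key, hosts in logins.items()
        if len(hosts) >= min_logins and len(set(hosts)) >= min_hosts
    }

if __name__ == "__main__":
    for (account, night), hosts in flag_night_logins(SAMPLE_EVENTS).items():
        print(f"{account}: night of {night}, hosts {hosts}")
```

Thresholds like these need tuning against each account's normal pattern, since on-call administrators and scheduled service accounts also sign in at night.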

Ways to improve Office 365 security 

It is challenging to protect data and applications in a cloud environment that knows no boundaries. Individuals and small businesses can protect their systems by using passwords and two-factor authentication options and regular training of the users and employees. On the other hand, large organizations are increasingly taking the services of cybersecurity firms that specialize in cloud security and are aware of the latest techniques deployed by hackers.
