More sophisticated phishing campaigns

It is well known that phishing emails are used by cyber criminals – you might well have seen a few attempts in your own inbox. Indeed, many of us are used to seeing the occasional fake email purporting to be from a bank or service provider. Phishing tactics are used to compromise Office 365 users in order to trick them into handing over their account credentials. And these types of O365 scams are getting more and more sophisticated. For example, there is a new phishing campaign that is designed to mimic a meeting request from your boss. When the link is clicked, it takes you to a fake Microsoft Outlook sign-in page that steals the credentials you enter. Another campaign utilises a live chat feature to create the illusion of authenticity. There is even a campaign that pretends to be a non-delivery notification from an Office 365 email account that prompts users to ‘send again.’ When this link is clicked, it takes the user to a phishing site that looks identical to the O365 email login screen.

New malware infiltration techniques

You don’t have to be a cyber security expert to know that it is unwise to download documents sent to you from unfamiliar or suspicious-looking sources, but cyber criminals are using even sneakier methods to infect computers with malware. One new method, targeting Office 365 users, involves injecting malware simply when a user previews a document. The Office Preview process doesn’t check if the source of the document is trustworthy before generating a preview, and criminals are taking advantage of this. Another type of attack that is becoming more common utilises another part of O365. Fake emails are sent to O365 users with SharePoint documents. Malicious links inserted into these documents allow them to bypass the built-in security of the platform.

Circumventing traditional security controls

It is not uncommon to see criminals coming up with new ways to bypass traditional security controls such as antivirus software and firewalls. Now, however, they are coming up with ways to bypass the security in Office 365, too. In a recent example, an attack named NoRelationship utilised a way to bypass O365’s file filters. These filters do not always scan full documents to establish their level of threat – relying instead on xml.rels files to list the external links that are found in the document. However, in the NoRelationship attack, hackers deleted these external link entries which stopped the filters from noticing malicious links.
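
A filter can close this gap by scanning the document parts themselves and comparing what it finds with what the relationship files declare. The following is an added example, not code from the original article or from any Microsoft or vendor filter; it assumes the link still appears as a URL string in one of the archive's XML parts, and the sample archive and example.com address are constructed placeholders.

```python
import html, io, re, zipfile

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
XMLNS_RE = re.compile(r"\sxmlns(?::\w+)?=\"[^\"]*\"")   # namespace URIs are not links
REL_RE = re.compile(r"<Relationship\b[^>]*>")
TARGET_RE = re.compile(r"\bTarget=\"([^\"]*)\"")

def undeclared_links(docx_bytes):
    """Map each XML part to URLs it contains that no .rels file declares as external."""
    declared, found = set(), {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        parts = {n: z.read(n).decode("utf-8", "replace") for n in z.namelist()}
    # Pass 1: collect every external target the relationship files admit to.
    for name, text in parts.items():
        if name.endswith(".rels"):
            for rel in REL_RE.findall(text):
                target = TARGET_RE.search(rel)
                if target and 'TargetMode="External"' in rel:
                    declared.add(html.unescape(target.group(1)))
    # Pass 2: scan the full XML parts and report URLs missing from that list.
    for name, text in parts.items():
        if name.endswith(".xml"):
            urls = set(URL_RE.findall(html.unescape(XMLNS_RE.sub("", text))))
            if urls - declared:
                found[name] = sorted(urls - declared)
    return found

def build_sample(keep_relationship):
    """Constructed minimal archive (not a real sample); example.com is a placeholder."""
    ns = "http://schemas.openxmlformats.org"
    rel = (f'<Relationship Id="rId1" Type="{ns}/officeDocument/2006/relationships/hyperlink"'
           ' Target="http://example.com/login" TargetMode="External"/>')
    rels = (f'<Relationships xmlns="{ns}/package/2006/relationships">'
            f'{rel if keep_relationship else ""}</Relationships>')
    body = (f'<w:document xmlns:w="{ns}/wordprocessingml/2006/main"><w:body><w:p><w:r>'
            '<w:instrText>HYPERLINK "http://example.com/login"</w:instrText>'
            '</w:r></w:p></w:body></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/_rels/document.xml.rels", rels)
        z.writestr("word/document.xml", body)
    return buf.getvalue()

if __name__ == "__main__":
    print(undeclared_links(build_sample(True)))    # relationship entry present
    print(undeclared_links(build_sample(False)))   # relationship entry deleted
```

A non-empty result means a part carries a link that the relationship listing does not account for, which is the mismatch a rels-only filter cannot see.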

How to improve the security of Office 365

Protecting O365, as well as other cloud environments, has never been more challenging. A multi-layered approach to cloud security, incorporating regular security assessments and implementing proactive network and endpoint monitoring, can help to seriously reduce a business’s risk. Employee education and two-factor authentication on user accounts are also highly advisable. Many businesses are choosing to work with cloud security specialists who can help to ensure environments are hardened against the latest adversarial tactics and techniques.

About the Author: Mike James is a Brighton-based cybersecurity professional with over 20 years’ experience working in different IT roles. An author for many online and print magazines, Mike has covered a range of different aspects within business and personal cybersecurity – including penetration testing, ethical hacking and other threat detection measures.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.