
It was only a few years back that cloud technology was in its infancy and used only by tech-savvy, forward-thinking organisations. Today, it is commonplace. More businesses than ever are making use of cloud services in one form or another, and recent statistics suggest that cloud adoption has reached 88 percent. It seems that businesses now rely on the technology for day-to-day operations.

While cloud platforms have become increasingly popular thanks in part to the cost saving, scalability and collaborative benefits they offer, organisations cannot afford to be blind to the associated cyber security risks. If your business uses Office 365 (O365), the challenges are especially pressing. With more than 155m active commercial users every month, O365 is a prime target for cyber criminals.

And it’s not just the number of businesses using Office 365 that makes it an obvious target for criminals; given the average time it takes for organisations to respond to breaches, a single compromised O365 account could be used to attack an entire organisation. When a hacker has access to an account, they can potentially use that account to gain access to others.

Due to the value of compromising Office 365 users, hackers are becoming more sophisticated and creative in their approach. This is why it has never been more important to manage and monitor your cloud security. Here are three key ways that hackers are successfully compromising O365 accounts.

More sophisticated phishing campaigns

It is well known that phishing emails are used by cyber criminals – you might well have seen a few attempts in your own inbox. Indeed, many of us are used to seeing the occasional fake email purporting to be from a bank or service provider.

Phishing tactics are used against Office 365 users to trick them into handing over their account credentials, and these types of O365 scams are getting more and more sophisticated. For example, there is a new phishing campaign that is designed to mimic a meeting request from your boss. When the link is clicked, it takes you to a fake Microsoft Outlook sign-in page that steals the credentials you enter. Another campaign utilises a live chat feature to create the illusion of authenticity.

There is even a campaign that pretends to be a non-delivery notification from an Office 365 email account that prompts users to ‘send again.’ When this link is clicked, it takes the user to a phishing site that looks identical to the O365 email login screen.

New malware infiltration techniques

You don’t have to be a cyber security expert to know that it is unwise to download documents sent to you from unfamiliar or suspicious-looking sources, but cyber criminals are using even sneakier methods to infect computers with malware. One new method, targeting Office 365 users, involves injecting malware simply when a user previews a document. The Office Preview process doesn’t check if the source of the document is trustworthy before generating a preview, and criminals are taking advantage of this.

Another type of attack that is becoming more common utilises another part of O365. Fake emails are sent to O365 users with SharePoint documents. Malicious links inserted into these documents allow them to bypass the built-in security of the platform.

Circumventing traditional security controls

It is not uncommon to see criminals coming up with new ways to bypass traditional security controls such as antivirus software and firewalls. Now, however, they are coming up with ways to bypass the security in Office 365, too.

In a recent example, an attack named NoRelationship found a way to bypass O365’s file filters. These filters do not always scan full documents to establish their level of threat, relying instead on xml.rels files to list the external links that are found in the document. In the NoRelationship attack, however, hackers deleted these external link entries, which stopped the filters from noticing malicious links.
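
A defender-side check for the gap described above, added here as an example and not taken from the original article or from any vendor's filter: rather than trusting the relationship files alone, it collects URLs from every XML part of a .docx and reports those that no .rels entry declares. The part names follow the standard OOXML package layout; the sample document and its example domains are constructed.

```python
import io, re, zipfile
import xml.etree.ElementTree as ET  # for untrusted mail, prefer a hardened XML parser

PKG = "http://schemas.openxmlformats.org/package/2006/relationships"
OFF = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
WML = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def declared_external_targets(pkg):
    """External targets listed in .rels parts (all a relationship-only filter sees)."""
    targets = set()
    for name in pkg.namelist():
        if name.endswith(".rels"):
            for rel in ET.fromstring(pkg.read(name)).iter(f"{{{PKG}}}Relationship"):
                if rel.get("TargetMode") == "External":
                    targets.add(rel.get("Target", ""))
    return targets

def urls_in_parts(pkg):
    """URLs in text and attribute values of every .xml part (xmlns URIs excluded)."""
    found = {}
    for name in pkg.namelist():
        if name.endswith(".xml"):
            for el in ET.fromstring(pkg.read(name)).iter():
                for value in (el.text or "", el.tail or "", *el.attrib.values()):
                    for url in URL_RE.findall(value):
                        found.setdefault(url, name)
    return found

def undeclared_links(docx_bytes):
    """Map each URL present in the document but absent from .rels to its part."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        declared = declared_external_targets(pkg)
        return {u: p for u, p in urls_in_parts(pkg).items() if u not in declared}

def build_sample():
    """Constructed .docx: one link declared in .rels, one URL only in the body."""
    doc = (f'<w:document xmlns:w="{WML}" xmlns:r="{OFF}"><w:body><w:p>'
           '<w:hyperlink r:id="rId1"><w:r><w:t>policy</w:t></w:r></w:hyperlink>'
           '<w:r><w:t>see https://undeclared.example/login</w:t></w:r>'
           '</w:p></w:body></w:document>')
    rels = (f'<Relationships xmlns="{PKG}"><Relationship Id="rId1" '
            f'Type="{OFF}/hyperlink" Target="https://declared.example/policy" '
            'TargetMode="External"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", doc)
        z.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()
```

A non-empty result from `undeclared_links` means the document carries a URL that a relationship-only scan would never evaluate, which is a reasonable trigger for quarantine or full-content inspection.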

How to improve the security of Office 365

Protecting O365, as well as other cloud environments, has never been more challenging. A multi-layered approach to cloud security, incorporating regular security assessments and implementing proactive network and endpoint monitoring, can help to seriously reduce a business’s risk. Employee education and two-factor authentication on user accounts are also highly advisable.

Many businesses are choosing to work with cloud security specialists who can help to ensure environments are hardened against the latest adversarial tactics and techniques.


About the Author: Mike James is a Brighton-based cybersecurity professional with over 20 years’ experience working in different IT roles. An author for many online and print magazines, Mike has covered a range of different aspects within business and personal cybersecurity – including penetration testing, ethical hacking and other threat detection measures.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
