More than 1.5 million malicious and spam emails were sent from thousands of compromised Office 365 accounts: Barracuda Networks
Barracuda researchers have revealed a startling rise in account takeover, one of the fastest-growing email security threats. A recent analysis of account-takeover attacks targeted at Barracuda customers found that 29 percent of organizations had their Office 365 accounts compromised by hackers in March 2019. The vendor's new findings come from an analysis of cloud-based email accounts under fire from ATO attempts during that month. One of the most popular tactics is phishing emails that impersonate Microsoft and request Office 365 log-ins from the unwitting recipient.
Office 365 account takeover attacks begin with infiltration and many hackers impersonate Microsoft and other large firms as a means of tricking users into disclosing their login credentials. In fact, Microsoft is the most impersonated brand in the world with 1 in 3 attacks impersonating the company. Once an account has been compromised, hackers rarely launch an attack straightaway. Instead, they monitor email and track activity in the company to help maximize their chances of executing a successful attack.
After the reconnaissance has been performed, cybercriminals use the harvested credentials to target other high-value accounts, especially executives and finance department employees, trying to harvest their credentials through spear phishing and brand impersonation. For example, scammers use email to impersonate a trusted entity, such as a well-known company or a commonly used business application. Typically, attackers try to get recipients to give up account credentials or click on malicious links. Attackers often use domain-spoofing techniques or lookalike domains to make their impersonation attempts convincing. Hackers also use compromised accounts to monetize attacks by stealing personal, financial, and confidential data and using it to commit identity theft, fraud, and other crimes. Compromised accounts are also used to launch external attacks targeting partners and customers. With conversation hijacking, hackers insert themselves into important conversations or threads, such as during a wire transfer or other financial transaction.
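The lookalike-domain and spoofing tricks described above are the signals a mail gateway or SOC triage script looks for on the receiving side. The following is an added example (not Barracuda's product logic and not from the original article) that scores inbound headers for three of them: a From domain that folds to a trusted brand after confusable-character substitution or that embeds the brand, a Reply-To that points somewhere other than the From domain, and a message that claims a trusted domain without a DMARC pass. The trusted-domain list, the confusable table and the sample headers are constructed for the example; `contoso.com` stands in for the organization's own domain.

```python
"""Score inbound mail headers for brand-impersonation signals.

Added example; the trusted domains, confusable table and sample headers
are constructed and do not come from the article or from Barracuda.
"""
import re
from email.utils import parseaddr

# Constructed: domains the organization treats as trusted senders.
TRUSTED_DOMAINS = {"microsoft.com", "contoso.com"}

# Constructed, deliberately small table of characters and digraphs that are
# commonly swapped for one another in lookalike registrations. Production
# tooling would use a full Unicode confusables table.
SINGLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
                        "\u0131": "i", "\u0430": "a", "\u043e": "o"})
MULTI = [("rn", "m"), ("vv", "w"), ("cl", "d")]


def fold(label):
    """Map a domain label to its 'visual' form so micros0ft and rnicrosoft compare equal to microsoft."""
    label = label.lower().translate(SINGLE)
    for seq, repl in MULTI:
        label = label.replace(seq, repl)
    return label


def edit_distance(a, b):
    """Plain Levenshtein distance; small values flag single-typo lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(domain):
    """Return ('trusted'|'lookalike'|'unrelated', matched trusted domain or None)."""
    domain = domain.lower().strip(".")
    labels = domain.split(".")
    # Simplification: the registrable label is taken as the second-to-last
    # label, which ignores multi-part public suffixes such as .co.uk.
    core = fold(labels[-2] if len(labels) >= 2 else labels[0])
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted or domain.endswith("." + trusted):
            return "trusted", trusted
    for trusted in TRUSTED_DOMAINS:
        brand = fold(trusted.split(".")[0])
        # Brand used as a subdomain of an unrelated registrable domain.
        if brand in [fold(l) for l in labels[:-2]]:
            return "lookalike", trusted
        # Brand reproduced, embedded, or one edit away in the registrable label.
        if brand in core or edit_distance(core, brand) <= 1:
            return "lookalike", trusted
    return "unrelated", None


def assess_message(headers):
    """headers: mapping of header name -> value. Returns a list of human-readable signals."""
    _, from_addr = parseaddr(headers.get("From", ""))
    _, reply_addr = parseaddr(headers.get("Reply-To", from_addr))
    from_domain = from_addr.rsplit("@", 1)[-1].lower()
    reply_domain = reply_addr.rsplit("@", 1)[-1].lower()
    verdict, match = classify_domain(from_domain)
    signals = []
    if verdict == "lookalike":
        signals.append(f"From domain {from_domain} resembles trusted {match}")
    if reply_domain != from_domain:
        signals.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")
    auth = headers.get("Authentication-Results", "")
    if verdict == "trusted" and not re.search(r"\bdmarc=pass\b", auth):
        signals.append(f"From claims trusted {from_domain} but DMARC did not pass")
    return signals


# Constructed sample headers, one per scenario the article describes.
SAMPLE_MESSAGES = [
    {"From": "Microsoft Account Team <security@micros0ft.com>",
     "Authentication-Results": "mx.contoso.com; dmarc=pass header.from=micros0ft.com"},
    {"From": "IT Helpdesk <helpdesk@rnicrosoft-support.net>",
     "Reply-To": "verify@mail-check.example.net"},
    {"From": "billing@microsoft.com",
     "Authentication-Results": "mx.contoso.com; dmarc=fail header.from=microsoft.com"},
    {"From": "news@digest.contoso.com",
     "Authentication-Results": "mx.contoso.com; dmarc=pass header.from=contoso.com"},
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(msg["From"], "->", assess_message(msg) or ["no signals"])
```

Folding before comparison matters more than the edit-distance threshold: most lookalikes are exact matches once confusables are normalized, and a distance cutoff of 1 on short brand names will over-match, so tune it per brand length in real deployments.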
How to Protect Your Business?
#1 Take advantage of artificial intelligence: Scammers are adapting email tactics to bypass gateways and spam filters, so it’s critical to have a solution in place that detects and protects against spear-phishing attacks, including business email compromise and brand impersonation. Deploy purpose-built technology that doesn’t solely rely on looking for malicious links or attachments. Using machine learning to analyze normal communication patterns within your organization allows the solution to spot anomalies that may indicate an attack.
#2 Deploy account-takeover protection: Some of the most devastating and successful spear-phishing attacks originate from compromised accounts, so be sure scammers aren’t using your organization as a base camp to launch these attacks. Deploy technology that uses artificial intelligence to recognize when accounts have been compromised and that remediates in real time by alerting users and removing malicious emails sent from compromised accounts.
#3 Use multi-factor authentication: Multi-factor authentication, also called MFA, two-factor authentication, and two-step verification, provides an additional layer of security beyond the username and password, such as an authentication code, a thumbprint, or a retinal scan.
#4 Monitor inbox rules and suspicious logins: Use technology to identify suspicious activity, including logins from unusual locations and IP addresses, a potential sign of a compromised account. Be sure to also monitor email accounts for malicious inbox rules, as they are often used as part of account takeover. Criminals log into the account, create forwarding rules, and hide or delete any email they send from the account to cover their tracks.
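The rule-and-login pattern described in this step can be checked from exported data without any vendor product. Below is an added example (not the article's or Barracuda's detection logic) that flags inbox rules carrying the takeover hallmarks the text names (forwarding outside the organization, deleting or parking messages, throwaway one-character names, filters on finance keywords) and escalates any such rule that was created shortly after a sign-in from an unexpected country. The record layouts, the field names, the domain `contoso.com`, the country list and all sample rules and sign-ins are constructed; they only imitate what an administrator would export from a mailbox rule listing and a sign-in log.

```python
"""Flag inbox rules and sign-ins that match the account-takeover sequence.

Added example; record layouts and sample data are constructed and only
imitate exported mailbox-rule and sign-in records. Not Barracuda's logic.
"""
from datetime import datetime, timedelta

INTERNAL_DOMAINS = {"contoso.com"}   # constructed: the organization's own mail domain
EXPECTED_COUNTRIES = {"US"}          # constructed: where staff normally sign in from
# Folders commonly chosen to park stolen replies where the owner rarely looks.
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                  "junk email", "deleted items"}
FINANCE_KEYWORDS = {"invoice", "payment", "wire", "bank", "password", "mfa"}


def _external(address):
    return address.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS


def rule_findings(rule):
    """Return the reasons one inbox rule looks like part of an account takeover."""
    findings = []
    outside = [a for a in rule.get("forward_to", []) + rule.get("redirect_to", [])
               if _external(a)]
    if outside:
        findings.append("forwards or redirects mail outside the organization: " + ", ".join(outside))
    if rule.get("delete_message"):
        findings.append("deletes matching messages")
    folder = (rule.get("move_to_folder") or "").lower()
    if folder in HIDING_FOLDERS:
        findings.append(f"moves matching messages to '{rule['move_to_folder']}'")
    # Names like ".", "a" or "" are typical of rules planted in a hurry.
    if len(rule.get("name", "").strip(". ")) <= 1:
        findings.append("rule name is empty or a single character")
    words = {w.lower() for w in rule.get("subject_contains", []) + rule.get("body_contains", [])}
    hits = sorted(words & FINANCE_KEYWORDS)
    if hits:
        findings.append("filters on finance or credential keywords: " + ", ".join(hits))
    return findings


def suspicious_signins(signins):
    """Sign-ins from outside the expected countries, grouped by user."""
    out = {}
    for s in signins:
        if s["country"] not in EXPECTED_COUNTRIES:
            out.setdefault(s["user"], []).append(s)
    return out


def correlate(rules, signins, window_hours=24):
    """List flagged rules; a rule created within `window_hours` after an unusual
    sign-in gets an extra finding, because that ordering (log in, then plant
    rules) is the takeover sequence the article describes."""
    odd = suspicious_signins(signins)
    report = []
    for rule in rules:
        findings = rule_findings(rule)
        if not findings:
            continue
        created = datetime.fromisoformat(rule["created"])
        for s in odd.get(rule["mailbox"], []):
            gap = created - datetime.fromisoformat(s["time"])
            if timedelta(0) <= gap <= timedelta(hours=window_hours):
                findings.append(f"created {gap} after sign-in from {s['country']} ({s['ip']})")
        report.append({"mailbox": rule["mailbox"], "rule": rule["name"], "findings": findings})
    return report


# Constructed sample data (documentation IP ranges, fictitious mailboxes).
SAMPLE_RULES = [
    {"mailbox": "cfo@contoso.com", "name": ".", "created": "2019-03-12T09:15:00",
     "subject_contains": ["invoice", "wire"], "forward_to": ["archive.mailbox@example.net"],
     "delete_message": True},
    {"mailbox": "cfo@contoso.com", "name": "Vendor newsletters", "created": "2019-02-01T10:00:00",
     "subject_contains": ["newsletter"], "move_to_folder": "Vendors"},
    {"mailbox": "ap@contoso.com", "name": "a", "created": "2019-03-13T18:40:00",
     "body_contains": ["payment"], "move_to_folder": "RSS Feeds"},
]
SAMPLE_SIGNINS = [
    {"user": "cfo@contoso.com", "time": "2019-03-12T07:00:00", "country": "NG", "ip": "203.0.113.7"},
    {"user": "cfo@contoso.com", "time": "2019-03-11T14:00:00", "country": "US", "ip": "198.51.100.20"},
    {"user": "ap@contoso.com", "time": "2019-03-13T18:05:00", "country": "US", "ip": "198.51.100.21"},
]

if __name__ == "__main__":
    for entry in correlate(SAMPLE_RULES, SAMPLE_SIGNINS):
        print(entry["mailbox"], repr(entry["rule"]))
        for f in entry["findings"]:
            print("  -", f)
```

The individual heuristics are noisy on their own (plenty of legitimate rules move mail to a folder), so the time correlation with an unusual sign-in is what should drive the alert priority; the other findings explain to the responder what the rule would have done.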
#5 Train staffers to recognize and report attacks: Educate users about spear-phishing attacks by making it a part of security-awareness training. Ensure staffers can recognize these attacks, understand their fraudulent nature, and know how to report them. Use phishing simulation for emails, voicemail, and SMS to train users to identify cyberattacks, test the effectiveness of your training, and evaluate the users most vulnerable to attacks. Help employees avoid making costly mistakes by creating guidelines that put procedures in place to confirm requests that come in by email, including making wire transfers and buying gift cards.