Researchers at Barracuda Networks, a data and network security provider, are reporting a massive attack on Office 365 where cybercriminals are taking over accounts.
The number of affected — 29 percent of organizations have reportedly been hacked — is massive. More than 1.5 million spam emails were sent from those hacked accounts in March alone.
Sending out spam is not the only thing these hackers have in mind. Barracuda identified a pattern in which hackers used this access to follow the inner workings of a company closely. This was done to, “…harvest additional login credentials for other accounts.” In particular, accounts of higher-level executives and employees within finance departments.
These attacks begin when employees are lured to a phishing website — a website that appears to be legitimate but is created to steal personal information. According to TechRadar, “phishing scams account for half of all fraud attacks.”
The way these attacks work is that cybercriminals gain entry to Office 365 accounts through a phishing attack, then they track company activity and increase their level of access to company data.
Barracuda recommends a handful of ways to fend off these, and other, attacks:
First, tap into the power of AI to identify an Office 365 account take over. This technology goes beyond identifying malicious links and can actually, “…analyze communication patterns to spot anomalies that are possible indicators of an attack.” This is especially helpful since cybercriminals have learned to hide or delete emails they send from the compromised account.
Next, implement multi-factor authentication to create levels of protection beyond a username and password.
Also, utilize security software to monitor logins and suspicious activities. This is especially important if you see logins from faraway locations.
Finally, it’s vital to educate and continue educating employees about threats around phishing websites. Not only will it keep them away from making that click, but it will also let them know what do in case the damage has been done.
In today’s world, it’s not just Office 365 accounts that are under attack. Cybercriminals are getting smarter, but so are we. To beef up your cyber security, reach out to our team to learn more about our cybersecurity consulting services.