Office 365, Microsoft’s software-as-a-service productivity software suite popular with corporate users, is increasingly becoming attackers’ preferred way into business networks, Barracuda researchers warn.
Office 365-themed phishing
The attack usually starts with a legitimate-looking phishing email that instructs users to log into the email service:
The offered link takes victims to a spoofed Office 365 login page. Once they enter their login credentials, the attackers harvest them, and are free to use them to access the email account.
Access to the account is usually used to set up email forwarding rules so that all the received emails are forwarded to another email account owned by the attackers. Information gleaned from the email can help attackers pinpoint the user’s communications patterns, both with others inside and outside the organization, and replicate them when they send out spoofed emails to those targets.
These emails can be aimed at tricking users into sharing their own credentials, sensitive information, or effect fraudulent payments.
As the SaaS offering is set to reach an estimated 120 million subscribers by the end of the year, the pool of targets is pretty wide. Add to this the fact that many criminals have chosen the path of business email compromise to “earn” money, and it becomes obvious that user have to be always careful.
“Microsoft Office 365 has become so ubiquitous that it’s almost become part of our identities, particularly inside the network with emails circulating internally,” the researchers noted.
“There’s an inherent trust when we receive an email from a coworker using his or her correct address. We are nearly certain it is legitimate, but unfortunately, that’s not always the case.”
The researchers advise companies to raise employees’ awareness about this and other phishing attacks through regular training, to implement real-time phishing and fraud defenses, and to implement multi-factor authentication for business email accounts.
“A form of multi-factor authentication is included with Office 365, but you can also purchase Azure multi-factor authentication that includes extended functionality,” they noted.