searchtwitterarrow rightmail strokearrow leftmail solidfacebooklinkedinplusangle upmagazine plus
Help Net Security - Daily information security news with a focus on enterprise security.
  • News
  • Features
  • Expert analysis
  • Reviews
  • Events
  • Whitepapers
  • Industry news
  • Newsletters
  • (IN)SECURE Magazine

Featured news

  • Attackers disrupting COVID-19 efforts and critical supply chains
  • C-level executives driving the adoption of MACH across their organizations
  • Users largely unaware of the privacy implications of location tracking
  • CNAME-based tracking increasingly used to bypass browsers’ anti-tracking defenses
  • Most businesses see state-sponsored cyberattacks as a major threat
Help Net Security
Help Net Security
October 14, 2020
Share

Cybercriminals are using legitimate Office 365 services to launch attacks

Vectra released its report on Microsoft Office 365, which highlights the use of Office 365 in enterprise cyberattacks. The report explains how cybercriminals use built-in Office 365 services in their attacks.

Office 365 services attacks

Attacks that target software-as-a-service (SaaS) user accounts are one of the fastest-growing and most prevalent problems for organizations, even before COVID-19 forced the vast and rapid shift to remote work.

Microsoft dominating the productivity space

With many organizations increasing their cloud software usage, Microsoft has dominated the productivity space, with more than 250 million active users each month. Office 365 is the foundation of enterprise data sharing, storage, and communication for many of those users, making it an incredibly rich treasure trove for attackers.

“Within the new work-from-home paradigm, user account takeover in Office 365 is the most effective way for an attacker to move laterally inside an organization’s network.” said Chris Morales, head of security analytics at Vectra.

“We expect this trend to magnify in the months ahead. Attackers will continue to exploit human behaviours, social engineering, and identity theft to establish a foothold and to steal data in every type of organization.”

Cost of account takeovers

Even with the increasing adoption of security postures to protect user accounts such as multifactor authentication (MFA), 40 percent of organizations still suffer from Office 365 breaches, leading to massive financial and reputational losses.

In a recent study, Forrester Research put the cost of account takeovers at $6.5 billion to $7 billion in annual losses across multiple industries.

Highlights from the report

  • 96 percent of customers sampled exhibited lateral movement behaviours
  • 71 percent of customers sampled exhibited suspicious Office 365 Power Automate behaviours
  • 56 percent of customers sampled exhibited suspicious Office 365 eDiscovery behaviours

The report is based on the participation of 4 million Microsoft Office 365 accounts monitored by Vectra researchers from June-August 2020.

More about
  • account hijacking
  • coronavirus
  • cyberattack
  • cybercriminals
  • cybersecurity
  • identity theft
  • Microsoft 365
  • Office 365
  • remote working
  • SaaS
  • social engineering
  • Vectra
Share this
architecture

Why enterprises need rugged devices with integrated endpoint management systems

  • Five factors driving investment in IDV
  • 2021 will be the year of hybrid working: How can CTOs keep staff secure and productive?
Whitepaper – EDR to secure mobile devices: Coverage, limits & recommendations

What's new

hand

Attackers disrupting COVID-19 efforts and critical supply chains

identity

Five factors driving investment in IDV

architecture

Why enterprises need rugged devices with integrated endpoint management systems

businessman

C-level executives driving the adoption of MACH across their organizations

Don't miss

architecture

Why enterprises need rugged devices with integrated endpoint management systems

identity

Five factors driving investment in IDV

tracking

CNAME-based tracking increasingly used to bypass browsers’ anti-tracking defenses

2021 will be the year of hybrid working: How can CTOs keep staff secure and productive?

template

Third-party risk management programs still largely a checkbox exercise

Help Net Security - Daily information security news with a focus on enterprise security.
Follow us
  • Features
  • News
  • Expert Analysis
  • Reviews
  • Events
  • Whitepapers
  • Industry news
  • Newsletters
  • Twitter

In case you’ve missed it

  • Chief Legal Officers face mounting compliance, privacy and cybersecurity obligations
  • How do I select a network monitoring solution for my business?
  • Tips for boosting the “Sec” part of DevSecOps
  • How do I select a DRM solution for my business?

(IN)SECURE Magazine ISSUE 67 (November 2020)

  • Hardware security: Emerging attacks and protection mechanisms
  • Justifying your 2021 cybersecurity budget
  • Cooking up secure code: A foolproof recipe for open source
  • Mapping the motives of insider threats
Read online
© Copyright 1998-2021 by Help Net Security
Read our privacy policy | About us | Advertise