Office 365 Users Increasingly Targeted by Credential-Stealing Phishing Campaigns
The ubiquity of Microsoft’s Office 365 is making it a favorite target of cyber criminals, who are devising increasingly elaborate counterfeit email and website templates to steal user credentials and launch attacks from within organizations.
Details of the “Office 365 Account Compromise” attacks were published this week in a blog post from security software vendor Barracuda Networks.
Office 365 has more than 100 million monthly active subscribers, and that scale gives cyber criminals an incentive to craft sophisticated attacks that reach large numbers of users.
“This particular attack is designed to steal the user’s Office 365 credentials and take over the account,” Barracuda experts wrote in the Threat Spotlight blog. “The user clicks a link in the message that sends them to a well-crafted landing page where they are prompted to enter their credentials.”
If a user enters the credentials, the attacker gains ongoing access to that account, which can be used maliciously in a number of different ways.
“A common scenario is that attackers set up forwarding rules on the account to observe the user’s communications patterns, both with others inside and outside the organization,” the post states. “This knowledge can be used as leverage for future attacks such as ransomware or other advanced threats.”
In other instances, an attacker will send messages from a legitimate internal email address to other users inside an organization, seeking additional credentials or other information.
That scenario makes it more likely that the phishing email will be opened and that the recipient will act on the hacker’s call to action.
“There’s an inherent trust when we receive an email from a coworker using his or her correct address,” the post states. “We are nearly certain it is legitimate, but unfortunately, that’s not always the case.”
Barracuda Networks experts suggest Office 365 users be trained to recognize suspicious signs in messages, even from completely legitimate email addresses.
They also advise that customers consider supplementing the multi-factor authentication included in Office 365 with more robust products.
Finally, the company recommends using sophisticated spear phishing defense technology.
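The forwarding-rule scenario described in the Barracuda post can also be checked from the defender's side. The following is an added example, not part of the original article or Barracuda's post: it scans an exported list of inbox rules for ones that forward or redirect mail outside the organization. The record layout, the field names, the `contoso.example` domain and the sample rules are assumptions constructed for illustration.

```python
import re

# Assumption: the organization's own mail domains.
INTERNAL_DOMAINS = {"contoso.example"}
# Assumption: rule fields named after the forwarding actions of an inbox rule.
FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+)")

# Constructed sample data, not taken from any real tenant.
SAMPLE_RULES = [
    {"Mailbox": "alice@contoso.example", "Name": "Team digest",
     "ForwardTo": ["bob@contoso.example"], "DeleteMessage": False},
    {"Mailbox": "carol@contoso.example", "Name": ".",
     "ForwardTo": ['"x" [SMTP:drop@mailbox.example]'], "DeleteMessage": True},
    {"Mailbox": "dave@contoso.example", "Name": "Archive",
     "RedirectTo": ["dave@contoso.example.relay.example"], "DeleteMessage": False},
]


def is_internal(domain, internal=INTERNAL_DOMAINS):
    """True for an internal domain or a subdomain of one (match on a dot boundary)."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in internal)


def external_targets(rule, internal=INTERNAL_DOMAINS):
    """Return (field, address) pairs where the rule sends mail outside the organization."""
    hits = []
    for field in FORWARD_FIELDS:
        for entry in rule.get(field) or []:
            for match in ADDR_RE.finditer(entry):
                if not is_internal(match.group(1), internal):
                    hits.append((field, match.group(0).lower()))
    return hits


def audit(rules, internal=INTERNAL_DOMAINS):
    """List rules that forward externally, noting when the original is also deleted."""
    findings = []
    for rule in rules:
        targets = external_targets(rule, internal)
        if targets:
            findings.append({"mailbox": rule["Mailbox"], "rule": rule["Name"],
                             "targets": targets,
                             "hides_original": bool(rule.get("DeleteMessage"))})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

The domain check matches on a dot boundary, so a lookalike such as `contoso.example.relay.example` is reported as external rather than trusted because it contains the internal name.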