
How cyber-attackers use Microsoft 365 tools to steal data

16 Oct 2020

It’s been well documented that 2020 has seen a sharp rise in cyber-attacks, and almost no industry has been spared. 

Software tools, especially those that facilitate remote collaboration, have seen a surge in user engagement - but even these aren’t immune to the proliferation of cyber-attacks. Microsoft’s Office 365 is no exception.

This is evident in Vectra’s 2020 Spotlight Report on Microsoft Office 365 released recently, which highlights the use of Office 365 in enterprise cyberattacks. The report explains how cybercriminals use built-in Office 365 services in their attacks.

Attacks that target software-as-a-service (SaaS) user accounts are one of the fastest-growing and most prevalent problems for organisations, even before COVID-19 forced the vast and rapid shift to remote work, the report says.

With many organisations increasing their cloud software usage, Microsoft has dominated the productivity space, with more than 250 million active users each month. 

Office 365 is the foundation of enterprise data sharing, storage, and communication for many of those users, which Vectra director of security engineering Chris Fisher says makes it an incredibly rich treasure trove for attackers.

“Within the new work-from-home paradigm, user account takeover in Office 365 is the most effective way for an attacker to move laterally inside an organisation’s network,” says Fisher.

“We have seen this kind of account takeover ultimately cause the loss of personal data from organisations in Australia in recent months. 

“Attackers will continue to exploit human behaviours, social engineering, and identity theft to establish a foothold and to steal data in every type of organisation.”

Even with the increasing adoption of security measures to protect user accounts, such as multifactor authentication (MFA), 40% of organisations still suffer from Office 365 breaches, leading to massive financial and reputational losses.

In a recent study, analyst firm Forrester Research put the cost of account takeovers at US$6.5 billion to US$7 billion in annual losses across multiple industries. 

Highlights from the Vectra 2020 Spotlight Report on Office 365 include:

  • 96% of customers sampled exhibited lateral movement behaviours 
  • 71% of customers sampled exhibited suspicious Office 365 Power Automate behaviours 
  • 56% of customers sampled exhibited suspicious Office 365 eDiscovery behaviours

The report is based on the participation of 4 million Microsoft Office 365 accounts monitored by Vectra from June to August 2020, representing the first 90 days of market availability for the company’s SaaS product.

The publishing of Vectra’s report comes two weeks after the company deployed the Attivo ThreatDefend Platform as a service to complement its managed service portfolio offering.

With the solution, organisations are able to achieve real-time threat detection of reconnaissance and credential theft activities as attackers are deceived into engaging with decoys, deception lures, and bait designed to entice hackers into revealing themselves.
