Researchers from the FireEye Mandiant cybersecurity platform have reported that the most sophisticated hacking operations are now refocusing on attacking Microsoft Office 365.

Office 365 provides endpoint and cloud services, including Office, Outlook, SharePoint, Exchange, Teams, and OneDrive, that help businesses and organizations thrive in their operations while storing their data on the cloud.

Doug Bienstock, principal consultant at Mandiant, said, “The amount of data in Office 365 is just huge, and attackers are interested in data. But also, they can now access that data from pretty much anywhere in the world.” He added: “Office 365 is also a gateway for organizations to access other applications as a single sign-on platform.”

Sophistication is now the name of the game

Hackers can compromise the networks of their target organizations once they obtain employees' email addresses. Even without resorting to spear-phishing, the attackers will attempt to brute-force accounts that have weak passwords.

Once they have access to one account using valid credentials from a victim, they use that account to explore all corporate resources and find additional credentials or vulnerabilities that let them raise their privileges to the level of an Office 365 administrator.

More security is needed

Madeley singled out APT35 as a notorious hacking operation that has already deployed this kind of attack. APT35 is one of the state-backed advanced persistent threat (APT) groups that exploit cloud services to gain access to sensitive information that might be found in a user’s mailbox, SharePoint documents and Teams chats.

Organizations must set up strong passwords and enable multi-factor authentication on employee accounts to stop APT groups and other hackers. They should also be able to review any activity on their networks seamlessly.
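As an added illustration (not part of the original article), the sketch below shows one way a defender could review sign-in activity for the pattern described above: a run of failed password attempts from one source followed by a successful sign-in. The record layout, thresholds and function name are assumptions made for this example, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records in a hypothetical layout (not a real Office 365 export):
# (timestamp, source_ip, account, result, mfa_satisfied)
SAMPLE_EVENTS = [
    ("2020-08-01T09:00:05", "203.0.113.7", "alice@example.com", "failure", False),
    ("2020-08-01T09:00:40", "203.0.113.7", "bob@example.com", "failure", False),
    ("2020-08-01T09:01:10", "203.0.113.7", "carol@example.com", "failure", False),
    ("2020-08-01T09:01:45", "203.0.113.7", "dave@example.com", "failure", False),
    ("2020-08-01T09:02:20", "203.0.113.7", "erin@example.com", "failure", False),
    ("2020-08-01T09:03:00", "203.0.113.7", "carol@example.com", "success", False),
    # One mistyped password followed by an MFA-backed sign-in: should not alert.
    ("2020-08-01T09:05:00", "198.51.100.20", "bob@example.com", "failure", False),
    ("2020-08-01T09:05:30", "198.51.100.20", "bob@example.com", "success", True),
]

WINDOW = timedelta(minutes=10)  # assumed look-back period
MIN_FAILURES = 5                # assumed threshold; tune to the tenant's baseline


def find_guessing_then_success(events, window=WINDOW, min_failures=MIN_FAILURES):
    """Flag successful sign-ins that follow a burst of failures from the same source."""
    failures = defaultdict(list)  # source_ip -> [(time, account), ...]
    alerts = []
    for ts, ip, account, result, mfa in sorted(events):
        when = datetime.fromisoformat(ts)
        if result == "failure":
            failures[ip].append((when, account))
            continue
        # Keep only failures still inside the look-back window.
        recent = [(t, a) for t, a in failures[ip] if when - t <= window]
        failures[ip] = recent
        if len(recent) >= min_failures:
            alerts.append({
                "source_ip": ip,
                "account": account,
                "time": ts,
                "failed_attempts": len(recent),
                "accounts_tried": len({a for _, a in recent}),
                # A password-only success after guessing is the worst case.
                "severity": "medium" if mfa else "high",
            })
    return alerts


if __name__ == "__main__":
    for alert in find_guessing_then_success(SAMPLE_EVENTS):
        print(alert)
```

An account flagged here with severity "high" signed in with a password alone, which is the case multi-factor authentication is meant to close.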

