Researchers at Barracuda Networks have detected a large increase in account takeovers. In March, 29 percent of organizations were victims of an attempt to take over Office 365 accounts. In one month’s time, 1.5 million malicious and spam mails were sent from the hacked accounts.
The account takeover attacks were carried out in various ways. In some cases, the hackers used login details collected from previous data breaches. Since people often use the same password for different accounts, attackers were able to re-use the stolen login credentials and access multiple accounts.
Brute force attacks were also used to take over Office 365 accounts. These succeeded because people use very simple passwords, which are easy to guess. Attackers also gained access through web and business applications, including SMS.
The researchers also looked at the countries from which logins to the hacked accounts originated. Most came from China, with 23%. The Netherlands is in fourth place with Vietnam at five percent, behind Brazil (9 percent) and Russia (7 percent).
Working method
According to Barracuda, taking over the Office 365 account often starts with cyber criminals pretending to work for Microsoft. Using social engineering, they persuade e-mail recipients to visit a phishing website and log in.
Once the account has been taken over, hackers monitor activity within the company to increase the chances of a successful follow-on attack. Scammers often set up mailbox rules to hide or delete the emails they send from the hacked account. This was the case for 34 percent of the nearly four thousand hacked accounts in March.
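The mailbox rules described above leave a trace in the tenant's audit log. The following is an added example (not code from Barracuda or the article) that scans constructed, simplified inbox-rule audit records and flags rules that delete, hide or forward mail; the record layout, the folder list and the example.com domain are assumptions made for this example.

```python
# Constructed sample records (not real telemetry), shaped like simplified
# Office 365 unified audit log entries for the New-InboxRule operation.
# Assumption: the Operation/UserId/Parameters layout shown here.
SAMPLE_AUDIT_RECORDS = [
    {"Operation": "New-InboxRule", "UserId": "cfo@example.com",
     "Parameters": [{"Name": "SubjectContainsWords", "Value": "invoice"},
                    {"Name": "DeleteMessage", "Value": "True"}]},
    {"Operation": "New-InboxRule", "UserId": "ap@example.com",
     "Parameters": [{"Name": "FromAddressContainsWords", "Value": "bank"},
                    {"Name": "MoveToFolder", "Value": "RSS Feeds"}]},
    {"Operation": "New-InboxRule", "UserId": "sales@example.com",
     "Parameters": [{"Name": "ForwardTo", "Value": "drop@attacker.invalid"}]},
    {"Operation": "New-InboxRule", "UserId": "hr@example.com",
     "Parameters": [{"Name": "FromAddressContainsWords", "Value": "news"},
                    {"Name": "MoveToFolder", "Value": "Newsletters"}]},
]

# Folders that users rarely open, so mail routed there goes unnoticed.
# The list is an assumption for this example, not taken from the report.
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                  "junk email", "deleted items", "archive"}

def rule_params(record):
    """Flatten the Parameters list into a name -> value dict."""
    return {p["Name"]: p["Value"] for p in record.get("Parameters", [])}

def classify_rule(record, internal_domain):
    """Return a reason if the rule looks like takeover tradecraft
    (deleting, hiding or forwarding mail), otherwise None."""
    if record.get("Operation") not in ("New-InboxRule", "Set-InboxRule"):
        return None
    p = rule_params(record)
    if p.get("DeleteMessage", "").lower() == "true":
        return "rule deletes matching mail"
    folder = p.get("MoveToFolder", "").lower()
    if folder in HIDING_FOLDERS:
        return f"rule moves mail to rarely-read folder '{folder}'"
    for action in ("ForwardTo", "RedirectTo", "ForwardAsAttachmentTo"):
        target = p.get(action, "")
        if target and not target.lower().endswith("@" + internal_domain):
            return f"rule {action} external address {target}"
    return None

def find_suspicious_rules(records, internal_domain="example.com"):
    """Scan audit records; return [(user, reason), ...] for analyst review."""
    hits = []
    for rec in records:
        reason = classify_rule(rec, internal_domain)
        if reason:
            hits.append((rec["UserId"], reason))
    return hits
```

A hit is a review queue entry, not proof of compromise: confirm it against the user's recent sign-in locations and any rule the user created intentionally.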
Cybercriminals then use the collected data to try to take over more valuable accounts. This mainly concerns the accounts of senior executives and finance employees. Hijacked accounts are also used to steal personal, financial and confidential data. This data is used, for example, for identity theft and fraud. Furthermore, the accounts are used to launch external attacks against partners and customers.
Protection
Barracuda advises companies to defend themselves against takeovers of Office 365 accounts. For example, according to the researchers, it is important to implement a solution that detects and protects against spear phishing attacks. In addition, it is recommended to use technology that uses artificial intelligence to recognize when an account has been taken over and notify users accordingly.
Furthermore, the use of multi-factor authentication is recommended. This provides an extra layer of protection on top of the username and password. Technology to monitor suspicious activity – such as logging in from unusual locations – is also important, according to the researchers.
Finally, it is recommended that employees be taught about spear phishing attacks so that they recognize them and do not fall victim to them. This can be done with phishing simulations, for example.
This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.