Bulletin 2020-10-08 - Office 365 Notice

The Problem 

Over the past several years, Office 365 has become popular in the small to medium-sized business space. Through various avenues, including phishing, social engineering, and resources available on the Dark Web, Office 365 account breaches are becoming more common. While a business of this size does not typically consider itself a target, this is unfortunately a complete misconception. Hackers use this to their advantage and purposely target smaller organizations, knowing they are a softer target still rich with valuable information and often more willing to pay ‘ransoms’ after a successful ransomware attack due to inadequate protections or backups. Office 365 provides a single logon location for every hosted domain, accessible 24/7 from anywhere in the world, and sits outside an organization’s current perimeter defenses, making it a prime target for attack.

The Attack 

Once an Office 365 account has been breached, the hacker has access to all of the victim’s previously sent and received email, contact lists, calendars, and notes, and also gains SharePoint and OneDrive access. This account is often synced with an organization’s internal Domain Authentication, creating the potential for the hacker to gain access to internal resources as well. Because the account and information are housed in the cloud, there is very little indication of the breach to the victim until the hacker starts making changes. After the hacker has pilfered and downloaded any of the information they desire, they often leverage the compromised account in an attempt to gain access to additional accounts. This is done by bulk mailing the victim’s contact list with a phishing email FROM the victim’s email account. The hacker will also create rules in Office 365 in an attempt to suppress replies or notifications which may alert the victim to the breach. They also create email forwarding and deletion rules so they no longer have to monitor the account directly. Unfortunately, it isn’t until this point that the victim may first notice something could be wrong.
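The forwarding and deletion rules described above are among the few traces a defender can look for. The following is an added example, not part of the original bulletin or any Fusion IT tool: it reviews mailbox audit records for rule changes that send mail outside the organization or delete it. The record layout is a simplified assumption modeled on Exchange audit entries, `example.com` stands in for the organization's domain, and the sample records are constructed.

```python
import json

INTERNAL_DOMAINS = {"example.com"}  # assumption: the organization's own mail domains
RULE_OPS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo", "ForwardingSmtpAddress"}

# Constructed sample records (one JSON object per line), not real log data.
SAMPLE_LOG = """
{"Operation":"New-InboxRule","UserId":"alice@example.com","Parameters":[{"Name":"SubjectOrBodyContainsWords","Value":"phishing;hacked"},{"Name":"DeleteMessage","Value":"True"}]}
{"Operation":"New-InboxRule","UserId":"bob@example.com","Parameters":[{"Name":"From","Value":"news@example.com"},{"Name":"MoveToFolder","Value":"Newsletters"}]}
{"Operation":"Set-Mailbox","UserId":"alice@example.com","Parameters":[{"Name":"ForwardingSmtpAddress","Value":"smtp:collector@mail.example.net"}]}
{"Operation":"Set-InboxRule","UserId":"carol@example.com","Parameters":[{"Name":"ForwardTo","Value":"helpdesk@example.com"}]}
{"Operation":"MailItemsAccessed","UserId":"carol@example.com"}
"""

def external_recipients(value):
    """Return the addresses in a forwarding parameter whose domain is not internal."""
    found = []
    for raw in value.split(";"):
        addr = raw.strip().lower()
        if addr.startswith("smtp:"):
            addr = addr[5:]
        if "@" in addr and addr.rsplit("@", 1)[1] not in INTERNAL_DOMAINS:
            found.append(addr)
    return found

def review(record):
    """Return a list of findings for one audit record (empty if nothing notable)."""
    if record.get("Operation") not in RULE_OPS:
        return []
    params = {p["Name"]: str(p["Value"]) for p in record.get("Parameters", [])}
    findings = []
    for name in sorted(FORWARD_PARAMS & params.keys()):
        for addr in external_recipients(params[name]):
            findings.append(f"{name} sends mail outside the organization: {addr}")
    if params.get("DeleteMessage", "").lower() == "true":
        findings.append("rule deletes matching messages")
    return findings

def scan(lines):
    """Return (user, operation, findings) for every record that has findings."""
    results = []
    for line in lines:
        if not line.strip():
            continue
        record = json.loads(line)
        findings = review(record)
        if findings:
            results.append((record.get("UserId", "?"), record["Operation"], findings))
    return results
```

Calling `scan(SAMPLE_LOG.splitlines())` flags the deletion rule and the external forwarding address on the first mailbox and leaves the internal forward and the newsletter filing rule alone.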

The Defense 

The simplest method to help mitigate this attack is to utilize Multi-Factor Authentication, or MFA. Should a hacker successfully acquire valid account credentials, MFA utilizes a second method to authenticate the user when accessing Office Online. While MFA can help reduce the risk of Office 365 account breaches, it does not fully mitigate the risk. There are also attacks capable of circumventing the MFA requirement by utilizing manipulated SharePoint document links in phishing emails. You may have already experienced such a message. One well-known attempt attached a file referencing information regarding a salary bonus, creating an effective lure, especially when the email is sent from a compromised account within your organization. The link would reference AND take you to a legitimate Office 365 login page. However, also embedded in the link was a means for the hacker to gain a legitimate Office 365 application code, which acts as a second authentication method, allowing them full access to the victim’s account. This application code allows the hacker to request new codes and circumvent MFA for as long as they wish. In this instance, user training and education to recognize such a message as a phishing attempt is crucial.

Additional Security Considerations 

Fusion IT has always had a security-first approach and believes in security by design. We have therefore developed additional security programs, including, but not limited to, managed Multi-Factor Authentication offering features beyond the ‘free’ authenticators available; 24/7 monitoring of your Office 365 environment; and, most importantly, Cyber Security Training for your team. The Managed MFA allows multiple cloud applications to use one Multi-Factor Authentication tool. This tool can also be leveraged to provide MFA protection to your organization’s VPN access. The Office 365 monitor will send alerts on any of the suspicious activity mentioned earlier. These alerts include foreign attempts to access Office 365 accounts, rule creation or changes, as well as any new SharePoint access rights which may be granted by a user. This same tool will also monitor your organization’s network and servers, looking for possible nefarious activity to alert on. Our Cyber Security training program includes videos, quizzes, and simulated phishing messages. All progress and results are trackable, and Fusion IT provides regular reports.

For further information on Fusion IT’s enhanced Security Programs and to learn how we can further protect your organization, please click HERE. You may also contact us by clicking one of the two links at the bottom of this page.

Sincerely,

Wm Greg Cloon, CISM, CDPSE, CISSP
Enterprise Security & Network Architect Manager