It was only a few years ago that cloud technology was still in its infancy and was only used by technically skilled, progressive organizations. Nowadays it is commonplace. More than ever, companies use cloud services in a different form. And recent statistics suggest that cloud acceptance has reached 88 percent. It seems that companies now rely on the technology for daily activities.
Although cloud platforms are becoming increasingly popular, in part thanks to the cost savings, scalability and collaboration benefits they offer, organizations cannot afford to be blind to the associated cyber security risks. If your company uses Office 365 (O365), the challenges are particularly urgent. With more than 155 million active commercial users every month, O365 is an important target for cyber criminals.
And not just the number of companies that use Office 365 makes it an obvious target for criminals; given the average time it takes for organizations to respond to breaches, compromising a single O365 account can be used to attack an entire organization. When a hacker has access to an account, they may be able to use that account to gain access to others.
Because of the value of compromising Office 365 users, hackers are becoming more sophisticated and creative in their approach. That is why it has never been so important to manage and monitor your cloud protection. Here are three main ways that hackers successfully compromise O365 accounts.
More advanced phishing campaigns
Phishing emails are known to be used by cyber criminals – you may have seen a few attempts in your own inbox. Indeed, many of us are used to seeing a fake e-mail from time to time that seems to come from a bank or service provider.
Phishing tactics are used to overwhelm Office 365 users to get them to transfer their account information. And this type of O365 scam is becoming increasingly sophisticated. For example, there is a new phishing campaign designed to mimic a meeting request from your boss. When the link is clicked, you will be taken to a fake Microsoft Outlook login page that steals the login details. Another campaign uses a live chat function to create the illusion of authenticity.
There is even a campaign that acts as a non-delivery notification from an Office 365 email account that asks users to resend & # 39; & # 39 ;. When this link is clicked, the user is directed to a phishing site that looks the same as the O365 Log in email screen.
New malware infiltration techniques
You don't have to be a cyber security expert to know that it's unwise to download documents sent to you from unknown or suspicious-looking sources, but cyber criminals use even more sophisticated methods to infect malware computers. A new method, targeted at Office 365 users, is to inject malware when a user previewes a document. The Office sample process does not check if the source of the document is reliable before a sample is generated, and criminals benefit from it.
Another type of attack that occurs more and more often uses a different part of O365. Fake emails are sent to O365 users with SharePoint documents. Malicious links that are inserted in these documents allow them to bypass the platform's built-in security.
Bypassing traditional security measures
It is not unusual for criminals to come up with new ways to bypass traditional security controls, such as antivirus software and firewalls. Now, however, they come up with ways to bypass the security in Office 365.
In a recent example, an attack named NoRelationship used a way to bypass O365 file filters. These filters do not always scan entire documents to determine their threat level – instead, on xml.rels files to display the external links found in the document. In the NoRelationship attack, hackers removed these external link entries so that the filters could no longer detect malicious links.
How to improve Office 365 security
Protecting O365, as well as other cloud environments, has never been so challenging. A multi-layered approach to cloud security, including regular security assessments that implement proactive network and endpoint monitoring, can significantly reduce business risk. Employee training and two-factor authentication on user accounts are also highly recommended.
Many companies choose to work with cloud security specialists who can help protect environments against the latest tactics and techniques.
About the author: Mike James is a cyber security professional from Brighton with more than 20 years of experience in various IT roles. Mike, author of many online and printed journals, has covered many different aspects of business and personal cyber security, including penetration testing, ethical hacking, and other threat detection measures.
Publisher's note: The opinions expressed in this article about the guest authors are solely those of the author and do not necessarily reflect those of Tripwire, Inc.