This is How Hackers Are Stealing Your Microsoft 365 Credentials
Microsoft 365 credentials are prized assets for bad actors. With access to login credentials, hackers can access sensitive data they can sell to bring businesses or impersonate executives or account personnel and send fraudulent emails that seek to extract money from victims.
Attacks targeting Microsoft 365 users occur at alarming regulatory – and with a 29% degree of success in 2019. Microsoft has since improved its cyber defences, but the company’s security management tools alone are not good enough to keep out the threat of malicious actors.
Today’s cybersecurity strategy has to be tackled with a holistic approach. A key component in defending your business network is knowing where threats come from and how you can identify them.
Cybersecurity awareness is your first line of defence. 91% of cyber attacks start with phishing emails. Essentially, the security of a business network largely depends on the actions and knowledge of its users.
In this article, we’re going to take a look at the strategies hackers are using to infiltrate business networks. These are the known strategies at the time of writing, but will naturally evolve.
To keep up-to-date with the latest hacking techniques, we recommend contacting us about our cyber security consultancy services and staff awareness training. In the meantime, make sure you are effectively securing your business email accounts.
Threat actors have become highly skilled at creating phishing emails that accurately imitate trusted sources; i.e banks, Amazon, Google. This technique is known as spoofing and is designed to trick victims into clicking on a malicious link or downloading an infected file.
There are several ways to identify spoof emails. The first alarm bell should sound if there is a sense of urgency and prompt you to click on a link that diverts you to a phoney website designed to look like the real Mccoy.
Typical messages inform you that your account has been suspended or you need to reset your password. Some spoof emails relate ask for your bank details so they can refund you.
Account Take Over Attacks (ATO)
A couple of months ago, it was reported that threat actors were deploying ATO tactics to drop malicious files in Microsoft Team chats. We explained this in detail at the time in this article.
ATO attacks basically involve hackers using login credentials they have stolen from a previous raid. Once they are able to log into the account of employees they use their accounts to infiltrate other users on the network in search of access to sensitive data or ways of exploiting financial rewards.
For example, a hacker may have infiltrated the computer of a CEO’s personal secretary. They then use their MS Teams account, or email account, to send a malicious file to the CEO. If opened, hackers will then have access to data stored on or accessed through that computer.
Microsoft 365 VPN Phishing Attacks
Cybersecurity firm Abnormal Security identified a cyber threat in which hackers use a phishing attack to impersonate a VPN. Hackers send a spoofed email that prompts recipients to enter their Microsoft Office 365 credentials.
The VPN strategy involves guiding victims to a website that for all intents and purposes appears to be the genuine website of the VPN provider. Because the service is hosted on a Microsoft-owned platform, it requires Microsoft 365 credentials to confirm the user has a valid Microsoft certificate.
This foil can be avoided by issuing a policy that restricts employees from logging into affiliated websites. The only personnel permitted to access a VPN site should be the data controller. In addition, a VPN website should only be accessed through the URL rather than a link sent via email.
Static Web Apps in Microsoft Azure
A recent report in Tech Radar reveals how threat actors are using the Static Web Apps landing page to trick Azure users into handing over their Microsoft 365 credentials.
Static Web Apps have two features that can be exploited; custom branding and web hosting. Hackers use these two features to host static landing pages that spoof Microsoft’s official service pages – which include the secure connection padlock in the address bar.
Again, unwitting users are prompted to enter their Microsoft 365 credentials. And in doing so hand them straight over to threat actors that can use them for nefarious activities.
Two-Way Factor Authentication
It was believed that two-factor authentication (2FA) would resolve the issues that are synonymous with password-only logins. If anything, two-way factor authentication gives sophisticated hackers more opportunities to steal Microsoft 365 credentials.
Two-factor authentication becomes a weakness where hackers can intercept text messages or emails sent to the user attempting to log in. If a mobile device or desktop computer is already infected with spyware, 2FA is futile.
Security firms have also discovered that hackers have found other ways to gain access to mobile phone numbers. The most shocking way is to trick or bribe mobile phone customer service agents to reassign the SIM number to a phone owned by the hacker.
Vice magazine reported they used a commercial service that exploit unregulated SMS tools.
And what’s the cost of this penetrative strategy, I hear you ask?
A measly £12.
The more sophisticated attackers also use a technique known as SS7 exploitation which takes advantage of security flaws in the existing telecommunication infrastructure.
Protect Microsoft 365 Credentials
Whilst the threat of hackers can be a terrifying thought for business owners, our IT security experts at Micro Pro want to reassure you that data breaches can easily be prevented.
Let’s not downplay the severity of a data breach here, but the reality is that with the right IT security strategy in place, hackers do not pose that much of a threat to the majority of small businesses.
However, as we mentioned at the top of this article, it is imperative that your employees know how to recognise a potential attack and understand what they should and shouldn’t do when they receive suspicious emails.
To avoid putting your business at risk, contact our IT security experts in Surrey today and speak with our experienced consultants about your IT security strategy. Ignoring cybersecurity is not worth the risk.