Forgotten Office 365 accounts targeted by stealthy attack campaign

Office 365 Again!

It certainly wouldn’t be a day in 2017 without more vulnerabilities and hacks. After WannaCry earlier this year, we turn our heads to an old friend of ours, Locky. But why does it keep coming back to haunt easily targeted Office 365 accounts?

Here are the highlights from ZDNet’s post:

Crooks are targeting admin and systems accounts — often automated and ignored, not protected by two-factor authentication and secured with poor passwords — to gain access to corporate Office 365 email accounts for phishing, data-theft, and more.

Takeaway #1: Use two-factor authentication!

By targeting systems accounts which may not be actively used on a regular basis rather than those of individual users, the attackers hope to fly under the radar. These accounts are often Exchange Online accounts, which by Microsoft’s own definition fall into the category of Office 365 accounts.

Takeaway #2: Just because it’s in the cloud doesn’t mean it’s any safer.

Insider threats can pose even greater risks to company data than those associated with external attacks.

Takeaway #3: Protect not only the perimeter of the network from external threats, but also take measures to protect against threats from the inside.
