What is the issue?
Attackers compromise Microsoft Office 365 accounts via ATO (Account Takeover) attacks and use the compromised accounts for various phishing campaigns, malvertising campaigns, and Business Email Compromise (BEC) scam campaigns.
Barracuda research findings
Barracuda researchers analyzed ATO attacks and found the following:
More details on the analysis
Attackers execute ATO attacks via brand impersonation, social engineering, phishing, credential stuffing, and brute-force methods.
Researchers said that attackers leveraged username/password pairs stolen in previous data breaches to compromise accounts, since victims reuse passwords across multiple services. The same reused credentials also gave attackers access to additional accounts.
Researchers noted that attackers were able to successfully take over Office 365 accounts via brute-force attacks because users employed simple passwords that were easy to crack.
Attackers also used the brand-impersonation tactic to trick email recipients into visiting a phishing page and entering their login credentials. The most impersonated brand is Microsoft, with 1 in 3 attacks impersonating Microsoft.
Once an account is compromised, attackers monitor and track its activity to understand the company’s business processes, its financial transactions, and how it uses email signatures, so that they can launch convincing follow-on attacks, including stealing additional login credentials from other accounts.
How to stay protected from such attacks?
“Use technology to identify suspicious activity, including logins from unusual locations and IP addresses, a potential sign of a compromised account. Be sure to also monitor email accounts for malicious inbox rules, as they are often used as part of account takeover,” researchers said in a blog.
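The two indicators the researchers recommend watching, sign-ins from locations or IP addresses a user has not used before and newly created inbox rules that forward or delete mail, can be checked with a small script over audit events. The following is an added example written for this page, not code from the article or from Barracuda; the event records are constructed and their field names (time, user, op, ip, country, rule) are an assumption rather than the real Office 365 audit log schema, and the fixed baseline cutoff date stands in for whatever history window a real deployment would use.

```python
"""Flag account-takeover indicators over constructed Office 365-style audit events:
sign-ins from a new country or IP for a user, and inbox rules that forward mail
externally or delete it. A rule created shortly after an unusual sign-in by the
same user is escalated, since that pairing is typical of a freshly taken-over account."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; field names are an assumption, not the real audit schema.
SAMPLE_EVENTS = [
    {"time": "2024-03-01T08:02:00", "user": "alice@example.com", "op": "UserLoggedIn",
     "ip": "203.0.113.10", "country": "US"},
    {"time": "2024-03-02T08:05:00", "user": "alice@example.com", "op": "UserLoggedIn",
     "ip": "203.0.113.10", "country": "US"},
    {"time": "2024-03-03T03:14:00", "user": "alice@example.com", "op": "UserLoggedIn",
     "ip": "198.51.100.77", "country": "NG"},
    {"time": "2024-03-03T03:16:00", "user": "alice@example.com", "op": "New-InboxRule",
     "rule": {"name": "Sync", "forward_to": "attacker@example.net", "delete": True}},
    {"time": "2024-03-03T09:00:00", "user": "bob@example.com", "op": "New-InboxRule",
     "rule": {"name": "Newsletters", "forward_to": None, "delete": False}},
    {"time": "2024-03-04T10:00:00", "user": "carol@example.com", "op": "New-InboxRule",
     "rule": {"name": "Backup", "forward_to": "carol.personal@example.org", "delete": False}},
]
INTERNAL_DOMAINS = {"example.com"}
BASELINE_CUTOFF = datetime(2024, 3, 3)  # sign-ins before this date are treated as known-good history


def _ts(event):
    return datetime.fromisoformat(event["time"])


def build_login_baseline(events, cutoff):
    """Per-user set of (country, ip) pairs seen in sign-ins before the cutoff."""
    seen = defaultdict(set)
    for e in events:
        if e["op"] == "UserLoggedIn" and _ts(e) < cutoff:
            seen[e["user"]].add((e["country"], e["ip"]))
    return seen


def detect_unusual_logins(events, baseline, cutoff):
    """Flag sign-ins at or after the cutoff from a country or IP the user has not used before."""
    alerts = []
    for e in events:
        if e["op"] != "UserLoggedIn" or _ts(e) < cutoff:
            continue
        known = baseline.get(e["user"], set())
        known_countries = {country for country, _ in known}
        known_ips = {ip for _, ip in known}
        reasons = []
        if e["country"] not in known_countries:
            reasons.append(f"new country {e['country']}")
        if e["ip"] not in known_ips:
            reasons.append(f"new IP {e['ip']}")
        if reasons:
            alerts.append({"user": e["user"], "time": _ts(e), "reasons": reasons})
    return alerts


def detect_suspicious_inbox_rules(events, internal_domains):
    """Flag new inbox rules that forward to an external domain or delete messages."""
    alerts = []
    for e in events:
        if e["op"] != "New-InboxRule":
            continue
        rule = e["rule"]
        reasons = []
        forward_to = rule.get("forward_to")
        if forward_to and forward_to.rsplit("@", 1)[-1].lower() not in internal_domains:
            reasons.append(f"forwards to external address {forward_to}")
        if rule.get("delete"):
            reasons.append("deletes messages")
        if reasons:
            alerts.append({"user": e["user"], "time": _ts(e), "rule": rule["name"], "reasons": reasons})
    return alerts


def correlate(login_alerts, rule_alerts, window=timedelta(hours=1)):
    """Raise a suspicious rule to high severity when the same user had an unusual sign-in within the window before it."""
    for rule_alert in rule_alerts:
        rule_alert["severity"] = "medium"
        for login in login_alerts:
            gap = rule_alert["time"] - login["time"]
            if login["user"] == rule_alert["user"] and timedelta(0) <= gap <= window:
                rule_alert["severity"] = "high"
                break
    return rule_alerts


def analyze(events, internal_domains, cutoff):
    baseline = build_login_baseline(events, cutoff)
    logins = detect_unusual_logins(events, baseline, cutoff)
    rules = correlate(logins, detect_suspicious_inbox_rules(events, internal_domains))
    return {"unusual_logins": logins, "suspicious_rules": rules}


if __name__ == "__main__":
    result = analyze(SAMPLE_EVENTS, INTERNAL_DOMAINS, BASELINE_CUTOFF)
    for a in result["unusual_logins"]:
        print(f"[LOGIN] {a['user']} at {a['time']}: {', '.join(a['reasons'])}")
    for a in result["suspicious_rules"]:
        print(f"[RULE:{a['severity']}] {a['user']} rule '{a['rule']}': {', '.join(a['reasons'])}")
```

On the constructed data this reports one unusual sign-in (alice from a new country and IP), escalates her external-forwarding-and-delete rule to high because it was created two minutes later, and leaves carol's external forward at medium with no matching sign-in. In practice the baseline would be built from a rolling window of each user's history rather than a fixed date, and the external-domain check should be applied to every forwarding and redirect action the rule engine supports, not only a single forward address.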