Security News > 2020 > October > Office 365: A Favorite for Cyberattack Persistence

Threat actors are consistently leveraging legitimate services and tools from within Microsoft Office 365 to pilfer sensitive data and launch phishing, ransomware, and other attacks across corporate networks from a persistent position inside the cloud-based suite, new research has found.

Office 365 user account takeover - particularly during the COVID-19 pandemic with so many working from home - is one of the most effective ways for an attacker to gain a foothold in an organization's network, said Chris Morales, head of security analytics at Vectra AI. From there, attackers can move laterally to launch attacks, something that researchers observed in 96 percent of the 4 million Office 365 customers sampled between June to August 2020.

Office 365 presents a wide playing field for attackers; the leading software-as-a-service productivity suite has more than 250 million active users each month, which has made it a historically consistent target for attacks.

OAuth is an open standard for access authentication used in Office 365 and already has been observed by researchers as a way for attackers to gain access to the cloud-based suite.

After one person took the bait and installed the malicious OAuth app, the attackers had complete access to Office 365 and used it to send internal phishing emails, taking advantage of trusted identities and communications to spread further inside the university.

News URL

https://threatpost.com/office-365-persistent-cyberattacks/160010/