Microsoft 365 Becomes Haven for BEC Innovation
2021-01-29 21:54

Two fresh business email compromise tactics have emerged onto the phishing scene, involving the manipulation of Microsoft 365 automated email responses in order to evade email security filters.

In the read-receipts attack, a scammer creates an extortion email and manipulates the "Disposition-Notification-To" email header so that Microsoft 365 generates a read-receipt notification to the recipient.
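A detection-side sketch of the header manipulation described above, added here as an example and not taken from the article or from Abnormal Security. It assumes a legitimate read-receipt request names the sender's own address; the function names and the `internal_domains` parameter are hypothetical, and the sample messages are constructed.

```python
from email import message_from_string
from email.utils import getaddresses

def _addrs(msg, *headers):
    """Lower-cased mailbox addresses found in the named headers."""
    values = [v for h in headers for v in msg.get_all(h, [])]
    return {addr.lower() for _, addr in getaddresses(values) if addr}

def receipt_redirect_findings(raw, internal_domains):
    """List reasons the read-receipt request in `raw` looks redirected."""
    msg = message_from_string(raw)
    targets = _addrs(msg, "Disposition-Notification-To")
    senders = _addrs(msg, "From", "Sender", "Reply-To", "Return-Path")
    recipients = _addrs(msg, "To", "Cc")
    findings = []
    # Assumption: a genuine request points the receipt back at the sender.
    for addr in sorted(targets - senders):
        if addr in recipients:
            why = "receipt would be sent to a recipient of this message"
        elif addr.rpartition("@")[2] in internal_domains:
            why = "receipt would be sent to an internal mailbox"
        else:
            why = "receipt target is not the sender"
        findings.append(f"{addr}: {why}")
    return findings

# Constructed sample messages (not taken from the article).
BENIGN = (
    "From: Alice <alice@partner.example>\n"
    "To: bob@corp.example\n"
    "Disposition-Notification-To: alice@partner.example\n"
    "Subject: Q4 invoice\n\nPlease confirm receipt.\n"
)
REDIRECTED = (
    "From: sender@unknown.example\n"
    "To: bob@corp.example\n"
    "Disposition-Notification-To: carol@corp.example\n"
    "Subject: Read this\n\n(constructed body)\n"
)

if __name__ == "__main__":
    for name, raw in (("benign", BENIGN), ("redirected", REDIRECTED)):
        print(name, receipt_redirect_findings(raw, {"corp.example"}))
```

A finding is a triage signal rather than a verdict: some mail clients and shared mailboxes legitimately request receipts to a different address.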

The volume of BEC attacks has continued to grow, rising by 15 percent quarter-over-quarter in Q3 of 2020, according to Abnormal Security's Quarterly BEC Report [PDF].

"Without being able to walk over to another person's desk in the office, employees will have a much harder time validating unknown texts or emails. Threat actors have taken note of these issues and are using remote work to their advantage to execute bigger BEC attacks."

After attackers gain a foothold in an Office 365 environment, it's easy for BEC scammers to leverage a trusted communication channel.

"In the current cybersecurity landscape, security measures like multi-factor authentication are no longer enough to deter attackers. SaaS platforms like Office 365 are a safe haven for attacker lateral movement, making it paramount to focus on user access to accounts and services. When security teams have solid information and expectations about SaaS platforms such as Office 365, malicious behaviors and privilege abuse are much easier to quickly identify and mitigate."


News URL

https://threatpost.com/microsoft-365-bec-innovation/163508/
