Office 365 users should be on the lookout for account takeover attacks, a rapidly-growing email security threat hitting the enterprise, according to a Thursday blog post from Barracuda. Nearly 30% of organizations studied had their Office 365 accounts compromised by hackers in March of this year, with more than 1.5 million malicious and spam emails sent from hacked accounts that month, the post said.
To execute an account takeover attack, hackers use several different methods, according to the post, including:
- Leveraging usernames and passwords acquired in previous data breaches
- Using stolen passwords to access personal email accounts, and entering business accounts that way
- Brute force attacks to guess simple passwords and take over accounts
- Web and business application attacks, including SMS
SEE: You’ve been breached: Eight steps to take within the next 48 hours (free PDF) (TechRepublic)
More than half of all global businesses now use Office 365, the post noted. Account takeover attacks can serve as an entry point into an organization and its data, leading to a big payout for the hacker.
These attacks typically begin with an infiltration stage, wherein cybercriminals impersonate Microsoft and use social engineering to try and get victims to click on a phishing website or give up their login credentials.
Once an account is compromised, hackers monitor and track activity to learn how a company does business, what email signatures they use, and the way financial transactions are handled, to successfully launch future attacks, according to the post. These attacks often target high-value accounts including executives and finance department employees.
How to prevent account takeover attacks
The post offered the following three tips to protect your business from account takeover attacks:
1. Use multi-factor authentication
Multi-factor authentication–also known as MFA, two-factor authentication, and two-step verification–offers another layer of security beyond username and password. Often, this takes the form of an authentication code, a fingerprint scan, or a retinal scan.
2. Monitor inbox rules and suspicious logins
Find technology solutions that can identify suspicious activity, including logins from different locations and IP addresses, which are a potential sign of a compromised account, the post noted. Monitor email accounts for malicious inbox rules, which are also often part of account takeover, as criminals access an account, create forwarding rules, or hide or delete emails they send from the account to disguise their activity.
3. Train staffers to recognize and report attacks
Make spear phishing attack awareness part of security awareness training, the post said. Simulated phishing attacks for email, voicemail, and SMS can be effective training tools.
“Ensure staffers can recognize these attacks, understand their fraudulent nature, and know how to report them,” the post said.
For more, check out How to prevent spear phishing attacks: 8 tips for your business on TechRepublic.