According to Barracuda Networks, Microsoft Office 365 account takeover attacks are one of the most prevalent email attacks on the Office 365 platform. Barracuda states that approximately 29% of organizations on Office 365 have had at least one account compromised by a bad actor.
An Office 365 account takeover attack generally begins with social-engineering tactics that lure email recipients to a phishing website, where they enter their email account credentials. Once the account is compromised, the bad actor sits in the email account and begins to learn about the organization. From the information gathered, the bad actor then targets higher-value users and either attempts to harvest their credentials or leverages the compromised account to attack other organizations.
The number one thing an organization can do to help prevent an account takeover is to implement multi-factor (or two-factor) authentication. Two-factor authentication adds a second step to the login process by asking for a unique code, typically generated by the account owner’s cell phone. This helps prove that the person logging into the account is the actual account owner. Even if the credentials for the account have been compromised, the two-factor authentication system should prevent a bad actor from accessing the account. Other solutions or techniques that can be used to help prevent an account takeover are:
- Use Artificial Intelligence (AI): Implement AI-based cybersecurity tools to spot anomalies that may indicate an Office 365 account-takeover attack.
- Leverage Account-Takeover Protection Technologies: Deploy technologies that recognize when accounts have been compromised and remediate such issues in real-time.
- Track Suspicious Activities: Leverage security technologies to monitor logins from unusual locations and other suspicious activities.
- Educate Employees: Teach employees about spear-phishing attacks and perform phishing simulations to test workers’ ability to identify and respond to these attacks.
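
As an added illustration of the "Track Suspicious Activities" item (not code from the original article or from any vendor named in it), the sketch below flags sign-ins from a country that is new for the user and sign-ins that imply impossible travel. The record fields, the thresholds and the sample sign-ins are constructed assumptions, not the Office 365 log schema.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900  # assumed threshold: roughly airliner cruising speed
MIN_KM = 100   # assumed: ignore movement inside one metro area

def km_between(a, b):
    """Great-circle (haversine) distance in km between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def flag_suspicious_signins(events):
    """Return (user, time, reason) for each sign-in that breaks the user's pattern."""
    seen, last, alerts = {}, {}, []
    for e in sorted(events, key=lambda e: e["time"]):
        user, when = e["user"], datetime.fromisoformat(e["time"])
        where = (e["lat"], e["lon"])
        countries = seen.setdefault(user, set())
        # The first sign-in only builds the baseline; later new countries are flagged.
        if countries and e["country"] not in countries:
            alerts.append((user, e["time"], "new_country"))
        countries.add(e["country"])
        if user in last:
            prev_when, prev_where = last[user]
            hours = (when - prev_when).total_seconds() / 3600
            dist = km_between(prev_where, where)
            # Flag when the implied speed between two sign-ins is not physically plausible.
            if dist > MIN_KM and (hours == 0 or dist / hours > MAX_KMH):
                alerts.append((user, e["time"], "impossible_travel"))
        last[user] = (when, where)
    return alerts

# Constructed sample sign-ins (not real data).
SAMPLE = [
    {"user": "alice@example.com", "time": "2024-03-04T08:55:00", "country": "US", "lat": 40.71, "lon": -74.01},
    {"user": "alice@example.com", "time": "2024-03-04T13:10:00", "country": "US", "lat": 40.73, "lon": -74.00},
    {"user": "alice@example.com", "time": "2024-03-04T14:05:00", "country": "RO", "lat": 44.43, "lon": 26.10},
    {"user": "bob@example.com", "time": "2024-03-04T09:00:00", "country": "US", "lat": 41.88, "lon": -87.63},
    {"user": "bob@example.com", "time": "2024-03-06T09:00:00", "country": "GB", "lat": 51.51, "lon": -0.13},
]

if __name__ == "__main__":
    for alert in flag_suspicious_signins(SAMPLE):
        print(alert)
```

A new-country alert on its own, such as an employee travelling, is a prompt for review; the combination with impossible travel is the stronger signal that credentials are being used by someone else.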
powersolution.com utilizes many of these solutions to prevent account takeover attacks. Ultimately, even with all of the technical solutions in place, these attacks can still occur. End users need to be vigilant in reviewing any suspicious email they receive and, when in doubt, get a second opinion.