New Office 365 Threats Emerge


TechViews News

Since the 32-bit version of Microsoft Office Suite was released in 1995, it has been the go-to set of productivity applications for businesses of all sizes, as well as home users needing compatibility with their office machines.

The standards Microsoft used to integrate documents across Windows computers made the suite easy to use and very profitable for Microsoft. In fact, if you were creating a letter, or spreadsheet, or presentation image, chances are that it was made in Microsoft Office.

One of the main selling points was that common versions, beginning with Office 95, were the same on all Windows computers. And as you moved up Windows versions, you moved up Office versions as well. And if you didn’t, there was backwards compatibility with previous Office versions.

As a result, the Microsoft Office Suite for Windows became the cash cow for Microsoft. It still is to this day. And all of this productivity was installed on your desktop computer.

Microsoft launched a cloud-based version of its Office Suite, called Office 365, on June 28, 2011, originally as a subscription service aimed at corporate users, which was where Microsoft gained its largest revenue. With the release of Microsoft Office 2013, Microsoft expanded Office 365 to include new plans aimed at different types of businesses, along with new plans aimed at general consumers.

In the fourth quarter of fiscal year 2017, Office 365 revenue overtook that of conventional license sales of Microsoft Office software for the first time. The big difference was that Office 365 was cloud-based with only the access point installed on your computer.

That means that if you used Office 365 instead of the Office Desktop Suite, all your work, regardless of the Office application, was handled through remote servers, not on your desktop.

While this may seem a benefit for companies that don’t have the resources to maintain an IT staff, it brings its own set of problems with it.

Malicious hackers have known for some time that phishing is a fruitful and cheap method for stealing data. And the bigger the mark, the better the returns. So it should be no surprise that Office 365 has become a tempting target.

A recent Trend Micro article noted that a U.S. Secret Service bulletin warned of phishing attacks specifically targeting organizations using Office 365.

Trend Micro also claimed that in 2018 its Cloud App Security caught 8.9 million high-risk email threats missed by Office 365 security. Those threats included “a million malware, 7.7 million phishing attempts, and 103,955 Business Email Compromise attempts.” That’s a serious threat to both businesses and individual users.

Moreover, attackers are creating and sharing tools that specifically target both Microsoft Exchange and Office 365. The malicious code can, for example, be used to steal email addresses and to access business systems via misconfigured mailbox permissions.

We’ve been reading about the recent breaches of online services that were once believed to be impenetrable. But any online service, whether it’s for productivity, gaming, or online storage, can be breached. Office 365 is no exception.

Primarily, the bad guys are after:

  • User data from the Global Address List,
  • Lists of folders from specific mailboxes,
  • Valid domains and usernames from Outlook Web Access (OWA),
  • Valid Active Directory usernames from Exchange Web Services (EWS),
  • Access to specific mailboxes, and
  • Passwords carelessly used by subscribers.

With a foothold in an Exchange server, attackers can get inside Office 365 and, even worse, access Office 365 assets.

Want proof? This past August (2018), Computer Business Review reported that an estimated 10 percent of Office 365 customers had been targeted by phishing attacks.

Surprisingly, malicious hackers can use Office 365 itself to launch more attacks. As noted in a recent Blaze post, exploits tend to take similar actions, as outlined below:

  • An attacker sends an Office 365 targeted email (spear-phishing), likely from a spoofed or fake email address.
  • The user is enticed to click on the link or open an attachment that includes a link.
  • The user will then unknowingly enter their credentials on the fake Office 365 page.
  • The credentials get sent back to the attacker.
  • The attacker will access the now compromised user’s mailbox.
  • The cycle repeats: The attacker will send targeted emails to all of the compromised user’s contacts, but with this difference: it’s coming from a legitimate address.
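A defender can look for the last two steps of this cycle in mail telemetry: a sign-in from an address not seen before for that user, followed shortly by mail to many distinct recipients. The Python below is an added example, not from the original article or from Microsoft; the event tuples, field layout, thresholds and addresses are constructed assumptions, not a real Office 365 audit log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; the layout is hypothetical, not a real
# Office 365 audit log schema. Tuples: (time, user, type, ip, recipients).
EVENTS = [
    ("2018-08-01T08:00:00", "carol@example.com", "signin", "192.0.2.5", []),
    ("2018-08-01T09:00:00", "alice@example.com", "signin", "198.51.100.10", []),
    ("2018-08-01T09:00:00", "bob@example.com", "signin", "198.51.100.20", []),
    ("2018-08-01T09:10:00", "alice@example.com", "send", "198.51.100.10", ["bob@example.com"]),
    # Bob mails a large list from his usual address: bulk, but not suspicious.
    ("2018-08-01T09:30:00", "bob@example.com", "send", "198.51.100.20",
     [f"c{i}@example.org" for i in range(6)]),
    # Carol signs in from a new address (travel) and writes to one person.
    ("2018-08-01T12:00:00", "carol@example.com", "signin", "192.0.2.99", []),
    ("2018-08-01T12:10:00", "carol@example.com", "send", "192.0.2.99", ["dave@example.org"]),
    # Alice: unfamiliar address, then a burst to her contacts (the cycle above).
    ("2018-08-01T13:00:00", "alice@example.com", "signin", "203.0.113.77", []),
    ("2018-08-01T13:05:00", "alice@example.com", "send", "203.0.113.77",
     [f"k{i}@example.org" for i in range(3)]),
    ("2018-08-01T13:06:00", "alice@example.com", "send", "203.0.113.77",
     [f"k{i}@example.org" for i in range(3, 6)]),
]

def find_suspect_mailboxes(events, window=timedelta(hours=1), min_recipients=5):
    """Users whose sign-in from an unfamiliar address is followed, within
    `window`, by mail from that address to >= `min_recipients` people."""
    known_ips = defaultdict(set)   # user -> sign-in addresses seen so far
    unfamiliar = {}                # user -> (time, ip) of latest new-address sign-in
    reached = defaultdict(set)     # user -> recipients mailed from that address
    suspects = []
    for ts, user, kind, ip, to in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if kind == "signin":
            # The first address seen for a user is the baseline, not an alert.
            if known_ips[user] and ip not in known_ips[user]:
                unfamiliar[user] = (when, ip)
                reached[user] = set()
            known_ips[user].add(ip)
        elif kind == "send" and user in unfamiliar:
            since, new_ip = unfamiliar[user]
            if ip == new_ip and when - since <= window:
                reached[user].update(to)
                if len(reached[user]) >= min_recipients and user not in suspects:
                    suspects.append(user)
    return suspects
```

Bulk mail from a familiar address (Bob) and a new-address sign-in with ordinary mail volume (Carol) are both left alone; only the combination is flagged.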

Now, before you decide to stop emailing completely and move back to paper cups and string, keep this in mind: Any cloud service can be made as secure as any on-premises desktop counterpart. The key is to not take any cloud service as is — you’ll need to make some adjustments.

Start with strong and unique passphrases. Next, enable multi-factor authentication to prevent stolen passwords from being successfully applied by remote attackers.

Add Microsoft Advanced Threat Protection to your existing Office 365 subscription. Prefiltering the links that end up in your inbox is key to staying out of harm’s way.

That’s a good start to securing Office 365 and your email. But remember, just because the productivity applications do not reside on your personal computer doesn’t mean you should stop all your safe online practices.

But what happens if the Microsoft data center where all your work is kept happens to get hit by a natural disaster that knocks the power out and your stored data gets corrupted or even worse – lost? It has happened before and will happen again.

Oh well, that’s a topic for another time.

Be Safe – Back Up Your Data Regularly!

