March 21, 2021

Office 365 Account Takeovers

Entry Type
Security Guidance
Threat Type
Vulnerability
Platform(s) Affected

Lookout Coverage and Recommendation for Admins

Lookout admins can implement Lookout CASB in addition to Lookout Mobile Endpoint Security to secure their organization against this surge in attacks. Doing so will enable them to monitor third-party applications connected to cloud services such as Office 365 and distinguish between legitimate and malicious activity. A key policy to implement is requiring that mobile security be installed before a device can access Office 365.

Admins can also define context-aware adaptive access control policies to deliver Zero Trust access. Finally, leveraging enterprise digital rights management (E-DRM) will automatically envelop data with advanced encryption based on its sensitivity.

Overview

Recently, there has been a notable surge in Microsoft Office 365 account takeover attacks. This surge comes as no surprise as organizations have fully embraced the collaborative cloud-based services that Office 365 offers. With a more highly distributed workforce, organizations have lost control and visibility into access and behavior within these services as employees use a mix of managed and unmanaged endpoints to access them.

Lookout Analysis

At the same time, the expanded remote workforce has also increased organizations’ threat surface in the cloud, with a greater concentration of remote attacks and breaches on the Office 365 collaboration services. Threat actors are leveraging social engineering as part of larger phishing campaigns to steal login credentials, enter corporate infrastructure, and steal sensitive data. Since the Office 365 suite enables teams to collaborate on everything from strategy to company finances, attackers know a successful account takeover grants them access to valuable data.
