Account Takeover:
The Best Practices for Full Protection 

Microsoft Office 365 is transforming the way organisations work. 

As cloud adoption accelerates, many businesses are now facing the ultimatum: adopt, migrate or risk irrelevancy. Within the past year, 70% of Fortune 500 companies have purchased Office 365.

The biggest draw? Cost efficiency, remote access and cloud backup, allowing employees to work effectively and collaborate in real-time with guaranteed security – or is it?

Alongside the advantages of Office 365 come a range of challenges and shortfalls.

Recently, Barracuda Networks reported that hackers had successfully targeted Microsoft Office 365 accounts: 29% of organisations had their Office 365 accounts compromised by hackers in March 2019 alone.

In light of this, and many other incidents, the US Cybersecurity and Infrastructure Security Agency (CISA) is pleading with organisations to implement better practices when using Office 365 across their enterprises. UK government officials are following suit, making a similar plea to help reduce the frequency of account takeover attacks.


It is clear that whilst many businesses are ready to implement software such as Office 365, they do not fully comprehend the breadth of potential attacks or their organisation’s susceptibility to them. Ultimately, organisations are failing to deploy the right safety measures to protect their cloud-based data. In fact, what’s concerning is that 40% of IT leaders believe Microsoft provides the capabilities to fully protect their Office 365 environments.

In this guide, we explore the inherent risks within Office 365 and the best practices to safeguard against them.

Common Types of Attacks

There are three common hacking techniques used to gain access to Office 365 accounts: brute force attacks, spear phishing, and the dark web.

Brute Force Attacks

Brute force attacks are a trial-and-error method used by hackers: automated password guessing, repeated until a guess succeeds.

In attacks on Office 365 accounts, brute force techniques use automated software to generate successive guesses until the account, and the encrypted data it protects, is unlocked.

Attackers often target specific individuals in an organisation rather than the whole organisation or many employees at once. This approach is effective because it reduces the chance that the cloud service provider detects the attack.
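The detection side of the brute force technique described above, as an added example that is not part of the original guide: it replays constructed sign-in records shaped like Office 365 unified audit log events ("UserLoginFailed" / "UserLoggedIn") and flags an account whose failed sign-ins pile up inside a short window, and, more urgently, a successful sign-in that follows such a run. The users, times and IP addresses are invented.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in the shape of Office 365 unified audit log
# sign-in events ("UserLoginFailed" / "UserLoggedIn"); users, times and
# addresses are invented for this example (documentation IP ranges).
def _rec(minute, op, user, ip):
    return {"CreationTime": f"2019-03-04T08:{minute:02d}:00", "Operation": op,
            "UserId": user, "ClientIP": ip}

SAMPLE_LOG = (
    [_rec(m, "UserLoginFailed", "alice@example.com", "203.0.113.10") for m in range(6)]
    + [_rec(6, "UserLoggedIn", "alice@example.com", "203.0.113.10")]
    + [_rec(1, "UserLoginFailed", "bob@example.com", "198.51.100.7"),
       _rec(2, "UserLoggedIn", "bob@example.com", "198.51.100.7")]
)
FAIL_THRESHOLD = 5              # failures on one account that trigger an alert
WINDOW = timedelta(minutes=10)  # sliding window those failures must fall in

def _when(rec):
    return datetime.fromisoformat(rec["CreationTime"])

def failed_login_bursts(records, threshold=FAIL_THRESHOLD, window=WINDOW):
    """{user: most failures seen in one window} for accounts reaching the threshold."""
    by_user = defaultdict(list)
    for r in records:
        if r["Operation"] == "UserLoginFailed":
            by_user[r["UserId"]].append(_when(r))
    flagged = {}
    for user, times in by_user.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):        # two-pointer sliding window
            while t - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[user] = max(flagged.get(user, 0), count)
    return flagged

def success_after_failures(records, threshold=FAIL_THRESHOLD, window=WINDOW):
    """[(user, ip)] for successful sign-ins preceded by >= threshold recent failures."""
    failures, hits = defaultdict(list), []
    for r in sorted(records, key=_when):       # replay the log in time order
        t, user = _when(r), r["UserId"]
        if r["Operation"] == "UserLoginFailed":
            failures[user].append(t)
        elif r["Operation"] == "UserLoggedIn":
            recent = [f for f in failures[user] if t - f <= window]
            if len(recent) >= threshold:
                hits.append((user, r["ClientIP"]))
    return hits
```

On the sample, alice's six failures followed by a success are flagged by both functions while bob's single typo is not; in production the records would come from an audit log export rather than the constructed list.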


Spear Phishing

Spear phishing is a personalised attack, targeting organisations or individuals. Hackers usually impersonate a well-known brand – 32% of brand impersonation attacks impersonate Office 365 – and ask users to urgently take action.

Hackers use this technique to entice victims to click on a link which then redirects them to a spoofed login page.

Here they are asked to provide login credentials or other sensitive data. The spoofed login page then lets the actor harvest victims' Office 365 credentials, usually for financial gain.


Dark Web 

The dark web is a wild west when it comes to security. 

An enormous volume of login details is available on the dark web, all of it collected from years of data breaches.

Hackers purchase these details and use them to log in to accounts and take them over. Users open themselves up to this kind of attack by using the same password across personal and business accounts. It’s only a matter of time until a hacker purchases your users’ passwords and attempts to take over your business accounts.


What are the best practices for protecting your Office 365?

Given that Office 365 account takeover attacks have become so prevalent and lucrative, it is worth talking about how these attacks happen and what can be done to prevent them.

The overall governance of your Office 365 environment has less to do with the technology and more to do with the practices and procedures put in place by your organisation.  

BEST PRACTICE 1:
Training and Education

Access to one individual’s account could allow a maliciously motivated hacker to gain access to documents and databases and steal sensitive information that resides within the Office 365 platform and within emails. Hackers could also set up auto-forwarding rules so that the compromised account sends copies of emails to another email address without detection.
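The auto-forwarding rules mentioned above leave a trace in the Exchange admin audit log, and checking for them is one of the first things to do after a suspected takeover. As an added example that is not part of the original guide, the following scans constructed records shaped like Office 365 unified audit log Exchange events (rule and mailbox changes with Name/Value parameter lists) for forwarding to addresses outside the organisation; the mailboxes, domains and addresses are invented.

```python
import json

# Constructed sample records in the shape of Office 365 unified audit log
# Exchange admin events (Operation, Parameters as Name/Value pairs); the
# mailboxes, domains and addresses are invented for this example.
SAMPLE_AUDIT = json.dumps([
    {"CreationTime": "2019-03-04T09:12:00", "Operation": "New-InboxRule",
     "UserId": "alice@example.com", "ObjectId": "alice@example.com",
     "ClientIP": "203.0.113.10",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "ForwardTo", "Value": "collector@outside.example"},
                    {"Name": "DeleteMessage", "Value": "True"}]},
    {"CreationTime": "2019-03-04T09:30:00", "Operation": "New-InboxRule",
     "UserId": "bob@example.com", "ObjectId": "bob@example.com",
     "ClientIP": "198.51.100.7",
     "Parameters": [{"Name": "Name", "Value": "Newsletters"},
                    {"Name": "MoveToFolder", "Value": "Newsletters"}]},
    {"CreationTime": "2019-03-04T10:05:00", "Operation": "Set-Mailbox",
     "UserId": "carol@example.com", "ObjectId": "carol@example.com",
     "ClientIP": "203.0.113.10",
     "Parameters": [{"Name": "ForwardingSmtpAddress", "Value": "smtp:carol@mail.example"},
                    {"Name": "DeliverToMailboxAndForward", "Value": "True"}]},
])
INTERNAL_DOMAINS = {"example.com"}       # your own accepted domains
RULE_OPS = ("New-InboxRule", "Set-InboxRule", "Set-Mailbox")
FORWARD_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                  "ForwardingSmtpAddress", "ForwardingAddress")

def _is_external(address, internal_domains):
    addr = address.lower()
    if addr.startswith("smtp:"):          # Set-Mailbox stores an "smtp:" prefix
        addr = addr[5:]
    return "@" in addr and addr.rsplit("@", 1)[1] not in internal_domains

def find_external_forwarding(audit_json, internal_domains=INTERNAL_DOMAINS):
    """One finding per rule or mailbox change that sends mail outside the organisation."""
    findings = []
    for rec in json.loads(audit_json):
        if rec.get("Operation") not in RULE_OPS:
            continue
        params = {p["Name"]: p["Value"] for p in rec.get("Parameters", [])}
        external = [params[k] for k in FORWARD_PARAMS
                    if k in params and _is_external(params[k], internal_domains)]
        if external:
            findings.append({"mailbox": rec["ObjectId"], "actor": rec["UserId"],
                             "ip": rec["ClientIP"], "operation": rec["Operation"],
                             "targets": external,
                             # a rule that also deletes the original hides the forward from the victim
                             "deletes": params.get("DeleteMessage") == "True"})
    return findings
```

The rule named "." that forwards and deletes is the pattern worth treating as a takeover indicator; the ordinary move-to-folder rule produces no finding.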

To limit the impact and frequency of account takeover attacks, you need to educate your employees.  

Teach your employees about what account takeover attacks are, how they occur, and what steps they can take to limit chances of falling victim. For instance, your training sessions should address how often employees should change their passwords (and that they shouldn’t reuse passwords, ever). It should also hammer home that you should never click on a link that asks you to enter your Office 365 login details – it is far better to launch your browser and head to your account that way.

Finally, encourage your employees to stay vigilant: ask them to look out for suspicious requests from colleagues or partners, and to report any odd behaviour immediately.

Where organisations go wrong is in regarding employee training as a one-off box-ticking exercise.

What’s needed are frequent training sessions, ensuring the organisation is up to date with the ever-changing and sophisticated techniques that hackers adopt.  

BEST PRACTICE 2:
Multi-factor Authentication

Office 365 is designed for remote access.

Unauthorised access to accounts is not often monitored or instantly detected, making it easy for hackers to attempt multiple logins to gain access. 

In addition, targeting one employee rather than the whole organisation reduces the chances of detection once cybercriminals gain access, making it easy to infiltrate from the inside.

When hackers use automation to make these password guesses, it is known as a brute force attack. As stated earlier, employees often use the same password across multiple platforms, increasing hackers' chances of guessing passwords and gaining access to a plethora of information.

Multi-factor Authentication (MFA) provides a much-needed layer of protection for Office 365 platforms.

After employees sign into the platform with their usual password, MFA requires a second factor to further authenticate the sign-in and ensure it is genuine. This could be another password, a one-time numeric code from an authenticator app or text message, or a biometric such as a fingerprint.

BEST PRACTICE 3:
Leverage Artificial Intelligence

By leveraging advanced technologies such as Artificial Intelligence (AI), organisations can more easily identify when accounts have been compromised, not only alerting users but also removing malicious emails sent from compromised accounts.

By 2021, Gartner predicts that AI will create $2.9 trillion of business value and 6.2 billion hours of worker productivity globally. Securing organisations whilst driving transformation is an increasing challenge. The amount of data organisations deal with is expanding at an unprecedented rate and becoming more valuable at each turn.

As the threats and methods attackers use become more sophisticated, so do flexible work cultures, increasing security risks and requiring organisations to do more. With AI, organisations can automate monitoring, uncover hidden insights and actively watch for threats that would otherwise go undetected.

AI can help to secure organisations against increasing threats and the risks caused by pervasive attacks that capitalise on increasing workplace flexibility.

BEST PRACTICE 4:
Use Dedicated Administration Accounts

A quick win and sure-fire way to mitigate the risk of potential attacks is using dedicated administration accounts. These must be role specific, granting access to only those that need it.

What access does each of your employees need, or more specifically, what access does their role require?

Limiting access inherently protects your organisation when a breach occurs, ensuring that when an account is compromised the malicious actor does not gain access to resources that account never needed.

BEST PRACTICE 5:
Enhancing Security with Artificial Intelligence

With account takeover attacks occurring at such a frequent rate – one in every three Office 365 customers suffers an account takeover attack every month – there is only one way to enhance your security protocols reliably: Artificial Intelligence (AI).

Products like Barracuda’s Sentinel seamlessly integrate with Office 365 APIs to detect attacks and malicious intent coming from both internal and external sources, without IT administration. These AI solutions analyse historical and inbound data to identify anomalies and flag fraudulent emails. This reduces the chance of employees clicking on malicious URLs and attachments.

Taking advantage of the ability to plug into third-party applications to improve the security of a Microsoft Office 365 platform will enhance the protection of critical data being stored across the cloud service, all while allowing employees to go about their day-to-day business without disruption.

Do your current email security capabilities meet your requirements?

If not, why not consider a third-party solution like Barracuda Sentinel to enhance your Office 365 security?

Learn more about fully protecting your network and our other solutions at www.intelligentinbox.tech.