{"id":13823,"date":"2020-10-15T09:20:57","date_gmt":"2020-10-15T05:20:57","guid":{"rendered":"https:\/\/techxmedia.com\/?p=13823"},"modified":"2025-04-18T00:21:27","modified_gmt":"2025-04-17T20:21:27","slug":"vectra-highlights-office365tools-are-used-enterprise-cyberattacks","status":"publish","type":"post","link":"https:\/\/techxmedia.com\/en\/vectra-highlights-office365tools-are-used-enterprise-cyberattacks\/","title":{"rendered":"Vectra highlights how Office 365 tools are used in enterprise cyberattacks"},"content":{"rendered":"\n<p>Vectra released its <a href=\"https:\/\/www.vectra.ai\/download\/spotlight-report-office365\">2020 Spotlight Report on Microsoft Office 365<\/a>, which highlights the use of Office 365 in enterprise <a href=\"https:\/\/techxmedia.com\/tag\/cyberattacks\/\">cyberattacks<\/a>. The report explains how <a href=\"https:\/\/techxmedia.com\/tag\/cybercriminals\/\">cybercriminals<\/a> use built-in Office 365 services in their attacks.<\/p>\n\n\n\n<p>Attacks that target software-as-a-service (SaaS) user accounts are one of the fastest-growing and most prevalent problems for organisations, even before COVID-19 forced the vast and rapid shift to remote work. With many organisations increasing their cloud software usage, Microsoft has dominated the productivity space, with <a href=\"https:\/\/office365itpros.com\/2020\/04\/30\/office365-teams-power-growth\">more than 250 million active users each month<\/a>. Office 365 is the foundation of enterprise data sharing, storage, and communication for many of those users, making it an incredibly rich treasure trove for attackers.<\/p>\n\n\n\n<p>\u201cWithin the new work-from-home paradigm, user account takeover in Office 365 is the most effective way for an attacker to move laterally inside an organisation\u2019s network,\u201d said Chris Morales, head of security analytics at Vectra. \u201cWe expect this trend to magnify in the months ahead. 
Attackers will continue to exploit human behaviours, social engineering, and identity theft to establish a foothold and to steal data in every type of organisation.\u201d<\/p>\n\n\n\n<p>Even with the increasing adoption of security postures to protect user accounts, such as <a href=\"https:\/\/techxmedia.com\/tag\/mfa\/\">multifactor authentication<\/a> (MFA), 40 percent of organizations still suffer from Office 365 breaches, leading to massive financial and reputational losses. In a recent study, analyst firm Forrester Research put the cost of account takeovers at $6.5 billion to $7 billion in annual losses across multiple industries.<\/p>\n\n\n\n<p><strong>Techniques used by Office 365 attackers:<\/strong><\/p>\n\n\n\n<p>Attackers use several common techniques to get access to users\u2019 Office 365 accounts, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Searching through emails, chat histories, and files looking for passwords or interesting data<\/li><li>Setting up forwarding rules to get access to a steady stream of email without needing to sign in again<\/li><li>Leveraging the trusted communication channel \u2014 the email isn\u2019t spoofing an email from the CEO; it is an email from the CEO \u2014 to socially engineer employees, customers or partners<\/li><li>Planting malware or malicious links in documents that many people trust and use, again leveraging trust to get around prevention controls that may trigger warnings<\/li><li>Stealing or holding files and data for ransom<\/li><\/ul>\n\n\n\n<p>However, smart <a href=\"https:\/\/techxmedia.com\/tag\/cybercriminals\/\">cybercriminals<\/a> can launch far more sophisticated attacks that target legitimate tools and services such as Power Automate (an application which lets users create custom integrations and automated workflows between Office 365 applications), Microsoft eDiscovery (an electronic discovery tool that searches across Office 365 applications\/data and exports the results) and OAuth 
(an open standard for access authentication).<\/p>\n\n\n\n<p>In fact, research from the Vectra 2020 Spotlight Report on Office 365 found:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>96 percent of customers sampled exhibited lateral movement behaviours<\/li><li>71 percent of customers sampled&nbsp;exhibited suspicious Office 365 Power Automate behaviours<\/li><li>56 percent of customers sampled&nbsp;exhibited suspicious Office 365 eDiscovery behaviours<\/li><\/ul>\n\n\n\n<p>\u201cIdentifying user access misuse has been treated as a static problem using approaches that are prevention-based, policy control-centric, or rely on manual entitlements that surface threats as they occur, leaving little time to properly respond. These approaches continue to fail,\u201d continued Chris. \u201cSecurity teams must have detailed context that explains how entities utilize their privileges \u2014 known as observed privilege \u2014 within SaaS applications like Office 365. Just as attackers observe or infer interactions between entities, defenders should think similarly about their adversaries. This translates into understanding how users access Office 365 resources and from where, but without looking at the full data payload to protect privacy. It is about the usage patterns and behaviors, not the static access. 
Ideally, when security teams have solid information and expectations about SaaS platforms, malicious behaviors and privilege abuse will be much easier to quickly identify and mitigate.\u201d<\/p>\n\n\n\n<p>The report is based on the participation of 4 million Microsoft Office 365 accounts monitored by Vectra from June-August 2020, representing the first 90 days of market availability for the company\u2019s SaaS product, <a href=\"https:\/\/www.vectra.ai\/products\/cognito-detect-office365\">Cognito Detect<sup>\u2122<\/sup> for Office 365<\/a>.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.vectra.ai\/download\/spotlight-report-office365\">Click here<\/a> to download the Vectra 2020 Spotlight Report on Office 365. Read our <a href=\"https:\/\/www.vectra.ai\/blogpost\/spotlight-report-office365\">companion blog here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>With many organisations increasing their cloud software usage, Microsoft has dominated the productivity space, with more than 250 million active users each month. 
Office 365 is the foundation of enterprise data sharing, storage, and communication.<\/p>\n","protected":false},"author":8,"featured_media":13825,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1595,9621],"tags":[1890,1942,963,2359,4363],"contributor":[],"class_list":["post-13823","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","category-emerging-technologies","tag-cyberattacks","tag-cybercriminals","tag-mfa","tag-microsoft-office-365","tag-office-365-tools"],"featured_image_src":"https:\/\/techxmedia.com\/en\/wp-content\/uploads\/2020\/10\/Vectra-TECHx.jpg","author_info":{"display_name":"News Desk","author_link":"https:\/\/techxmedia.com\/en\/author\/rabab\/"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/13823","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/comments?post=13823"}],"version-history":[{"count":0,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/13823\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/media\/13825"}],"wp:attachment":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/media?parent=13823"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/categories?post=13823"},{"taxonomy":"post_tag","embeddable":true,"href"
:"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/tags?post=13823"},{"taxonomy":"contributor","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/contributor?post=13823"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}