December 11, 2018
Latest Cyber News, Help & Advice
Two-factor auth totally locks down Office 365

Jul 15, 2018

Hackers can obtain access to Microsoft Office 365-hosted email and calendars even where multi-factor authentication is thought to be in place, we were warned this week.

Cybercrooks are able to force their way into corporate Office 365 accounts, sidestepping single sign-on and multi-factor authentication, by going after legacy authentication interfaces that those controls do not cover, according to email security biz Proofpoint.

The trick is to target legacy services that accept nothing more than a username and password: protocols such as Exchange Web Services and ActiveSync that, unless the tenant has moved them onto Modern Authentication, are not secured behind multi-factor authentication. An account with a weak, reused or otherwise known password can be logged into directly over one of these interfaces and, once commandeered, used to poke around inside the corporate structure. If the attacker doesn't know the password, it can be phished via email or instant message; MFA never enters the picture because the legacy endpoint never asks for a second factor.

This all may seem obvious, but apparently people are being stung by it.

"The current wave of attacks mostly goes after Exchange Web Services and ActiveSync," said Ryan Kalember, Proofpoint's senior vice president of cybersecurity strategy, earlier this week. "A little real-time phishing gets mixed in, but is usually not necessary."

Real-world examples

For example, Proofpoint recently saw an attacker access the Office 365 account of the chief exec of a 15,000-user financial services and insurance firm. The hacker viewed the CEO's emails and calendar in order to sniff out an opportunity to run a sneaky scam.

At the same time the chief exec was in scheduled meetings with suppliers, the intruder used the compromised account to send an email to the chief financial officer asking for funds to be shifted. The unnamed financial services firm lost $1m over the course of several transfers, it is claimed.

Compromised Office 365 accounts in a 75,000-user real-estate investment firm were used to run another scam. Five executives, including some regional general managers, had their accounts compromised. With access to their Office 365 email, the attackers managed to get the ABA routing numbers used for corporate funds transfers changed. The company lost over $500,000 as a result, according to Proofpoint.

By the most remarkable of coincidences, the security shop has released something called Proofpoint Cloud Account Defense (CAD) to detect and proactively protect against compromised Microsoft Office 365 accounts. Kalember explained the need for additional layers of defenses.

"It's really hard for most orgs to cover all the interfaces to Exchange with MFA [multi-factor authentication]," Kalember told El Reg.

"Particularly with EWS [Exchange Web Services], you need to be 1) fully migrated to O365, 2) use Microsoft's own MFA, and 3) in Modern Authentication mode. The tech can't support native iOS/Android mail clients, etc."

In other words, you may think you're fully protected, but you should check again: every Exchange interface that still accepts basic authentication is an MFA bypass waiting to be used. Save yourself some pain in the future. ®
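The check Kalember is recommending can be made concrete by reading your tenant's sign-in logs for successful logins over legacy protocols that were never challenged for a second factor, which is exactly the pattern behind the EWS and ActiveSync intrusions described above. The script below is an added example, not code from the article or from Proofpoint's product. Its record layout is modelled on the Azure AD / Entra ID sign-in log fields `clientAppUsed`, `authenticationRequirement`, `status.errorCode`, `ipAddress` and `userPrincipalName`; the `LEGACY_CLIENT_APPS` values, the `50126` bad-password error code and the sample records are assumptions and constructed data, so confirm the field names against your own export before relying on it.

```python
"""Audit sign-in records for legacy-protocol logins that bypassed MFA.

Added example, not from the original article or from Proofpoint.
Record fields are modelled on Azure AD / Entra ID sign-in logs
(clientAppUsed, authenticationRequirement, status.errorCode); the
sample records below are constructed, and the exact field values
should be checked against a real tenant export (assumption).
"""
import json
from collections import defaultdict

# clientAppUsed values that denote legacy (basic-auth) protocols. A
# successful sign-in here means a bare password was accepted with no
# second factor and no Conditional Access evaluation (assumed values).
LEGACY_CLIENT_APPS = {
    "Exchange ActiveSync",
    "Exchange Web Services",
    "IMAP4",
    "POP3",
    "Authenticated SMTP",
    "Autodiscover",
    "Outlook Anywhere (RPC over HTTP)",
    "Other clients",
}

# Constructed sample export (JSON lines). 203.0.113.7 sprays a few
# accounts over IMAP with bad passwords (assumed error code 50126),
# then lands in the CEO's mailbox over EWS with the right password.
SAMPLE_SIGNINS = """
{"createdDateTime": "2018-07-10T08:02:11Z", "userPrincipalName": "ceo@example.com", "ipAddress": "192.0.2.10", "clientAppUsed": "Browser", "authenticationRequirement": "multiFactorAuthentication", "status": {"errorCode": 0}}
{"createdDateTime": "2018-07-10T08:05:40Z", "userPrincipalName": "ceo@example.com", "ipAddress": "203.0.113.7", "clientAppUsed": "Exchange Web Services", "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}}
{"createdDateTime": "2018-07-10T09:14:02Z", "userPrincipalName": "cfo@example.com", "ipAddress": "198.51.100.5", "clientAppUsed": "Exchange ActiveSync", "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}}
{"createdDateTime": "2018-07-10T09:20:33Z", "userPrincipalName": "cfo@example.com", "ipAddress": "192.0.2.11", "clientAppUsed": "Mobile Apps and Desktop clients", "authenticationRequirement": "multiFactorAuthentication", "status": {"errorCode": 0}}
{"createdDateTime": "2018-07-10T11:00:01Z", "userPrincipalName": "alice@example.com", "ipAddress": "203.0.113.7", "clientAppUsed": "IMAP4", "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 50126}}
{"createdDateTime": "2018-07-10T11:00:02Z", "userPrincipalName": "bob@example.com", "ipAddress": "203.0.113.7", "clientAppUsed": "IMAP4", "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 50126}}
{"createdDateTime": "2018-07-10T11:00:03Z", "userPrincipalName": "carol@example.com", "ipAddress": "203.0.113.7", "clientAppUsed": "IMAP4", "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 50126}}
"""


def parse_signins(text):
    """Parse a JSON-lines export into a list of sign-in records."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_legacy(rec):
    return rec.get("clientAppUsed") in LEGACY_CLIENT_APPS


def is_unchallenged_legacy(rec):
    """True when a legacy-protocol sign-in succeeded on a password alone."""
    return (
        is_legacy(rec)
        and rec.get("status", {}).get("errorCode") == 0
        and rec.get("authenticationRequirement") == "singleFactorAuthentication"
    )


def audit(records):
    """Map each user to the (protocol, source IP, time) of every legacy
    sign-in that got in without MFA. Empty dict means every successful
    legacy login was at least MFA-challenged."""
    findings = defaultdict(list)
    for rec in records:
        if is_unchallenged_legacy(rec):
            findings[rec["userPrincipalName"]].append(
                (rec["clientAppUsed"], rec.get("ipAddress"), rec.get("createdDateTime"))
            )
    return dict(findings)


def password_spray_sources(records, min_users=3):
    """Source IPs whose failed legacy-auth attempts hit at least
    min_users distinct accounts: the low-and-slow guessing that finds
    the weak or reused passwords the article describes."""
    users_by_ip = defaultdict(set)
    for rec in records:
        if is_legacy(rec) and rec.get("status", {}).get("errorCode") != 0:
            users_by_ip[rec.get("ipAddress")].add(rec["userPrincipalName"])
    return {ip: sorted(users) for ip, users in users_by_ip.items()
            if len(users) >= min_users}


if __name__ == "__main__":
    recs = parse_signins(SAMPLE_SIGNINS)
    for user, hits in audit(recs).items():
        for app, ip, when in hits:
            print(f"NO-MFA LEGACY LOGIN  {user:20} {app:24} {ip:15} {when}")
    for ip, users in password_spray_sources(recs).items():
        print(f"SPRAY SOURCE         {ip:15} -> {', '.join(users)}")
```

Run against a real export, any row the audit prints is an interface that Modern Authentication and MFA are not covering, regardless of what the tenant's MFA policy says. The remediation on the Exchange Online side is to turn off basic authentication per protocol with an authentication policy (`New-AuthenticationPolicy` with `-AllowBasicAuthActiveSync:$false`, `-AllowBasicAuthWebServices:$false` and so on, then `Set-OrganizationConfig -DefaultAuthenticationPolicy`), and to re-run the audit afterwards to confirm the legacy sign-ins have stopped.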
