Microsoft Office 365, Exchange and Outlook are constantly targeted by sophisticated attacks that exploit their email ecosystem at the server and web client levels.

Not only are these systems subject to malware and phishing coming through email communications, but recently several security organizations also identified successful brute force login attacks against key targets in Office 365.

This is a prime example of why users should be concerned about their access to widely used systems, which can be subject to severe credential theft.

This was a direct attack that took place over the course of several months and targeted a handful of victims each time. This “low volume strategy” prevented the cloud service provider (Microsoft) from detecting the attacks in its network traffic monitoring.

This sophisticated attack used passwords that had leaked from other services and were found on the internet. The attackers tried those passwords in massive login attempts, using combinations of the victim’s name as the email address. Obviously, the attackers were hoping that the user would have the same password across Office 365 and the leaked system. In a few particular cases, the attackers were successful and managed to take control of the victim’s email account.

With more than 100 million monthly active subscribers, Microsoft Office 365 is increasingly becoming the target of widespread credential-harvesting campaigns. The example above led to severe damage for several organizations and users, with hits on high-level employees at multiple Fortune 2000 organizations reported. These organizations often rely exclusively on this cloud provider for the majority of their work (email, document storage, Skype, and maybe even other common cloud software, such as Dynamics, Project, or SharePoint). It is easy to understand that an account takeover in any one of these systems could signify a company-wide breach.

In the case of stolen credentials for an email system (such as what happened with MS Office 365), the possibilities for the attacker are endless: from searching existing and new email for confidential information to impersonating the affected user and tricking other users into performing certain actions. Microsoft Outlook, for instance, already has the ability to independently store attachments from emails in a separate system, making it much easier for the attacker to go through the victim’s important information. This attack demonstrates the importance of efficient password management.

It is very important to have adequate password policies and systems; our recommendation is:

1. Have different passwords for different services

Changing passwords frequently is important, but having a tough, hard-to-break password for every single service is the best protection against hackers. There are password management services that allow you to generate passwords for each service, activated by using one single master password. And for that master password, regardless of the characters used, users should make it reasonably long, including blank spaces, for better results.

2. Use multi-factor authentication

Then there is multi-factor authentication. Requiring an access authorization that is confirmed with distinct devices (e.g. browser password and mobile confirmation code) makes it much harder for an attacker to make use of stolen credentials. It basically means that an attacker must compromise two forms of communication.

3. Employ systems that can detect abnormalities in user access

The last measure, but an equally important one, is to have an authentication system that is able to detect strange behaviors, from the traditional lock on failed attempts to the more sophisticated source restriction based on time, location, and IP (for instance, two logins from two different countries in a space of minutes).
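As an added illustration (not AnubisNetworks code), the following Python sketch runs two such checks over constructed sign-in events: one flags a source that fails against several accounts with few attempts each, the "low volume strategy" that per-account lockout misses, and the other flags two successful logins from different countries within minutes. The event fields, sample addresses and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events (not real logs): time, user, source IP, country, result.
SAMPLE_EVENTS = [
    ("2024-03-01T08:00:00", "j.smith@example.com",    "203.0.113.7",  "RO", "fail"),
    ("2024-03-01T13:10:00", "john.smith@example.com", "203.0.113.7",  "RO", "fail"),
    ("2024-03-02T09:30:00", "jsmith@example.com",     "203.0.113.7",  "RO", "fail"),
    ("2024-03-03T07:45:00", "a.jones@example.com",    "203.0.113.7",  "RO", "fail"),
    ("2024-03-04T09:00:00", "m.lee@example.com",      "198.51.100.4", "PT", "ok"),
    ("2024-03-04T09:06:00", "m.lee@example.com",      "192.0.2.55",   "BR", "ok"),
    ("2024-03-05T10:00:00", "m.lee@example.com",      "198.51.100.4", "PT", "ok"),
]

def parse(events):
    """Turn raw tuples into dicts with a real datetime, sorted by time."""
    keys = ("time", "user", "ip", "country", "result")
    rows = [dict(zip(keys, e)) for e in events]
    for r in rows:
        r["time"] = datetime.fromisoformat(r["time"])
    return sorted(rows, key=lambda r: r["time"])

# Thresholds below are assumed values for illustration; tune them to your tenant.
def low_volume_sources(events, min_accounts=3, window=timedelta(days=7)):
    """Source IPs failing against many distinct accounts over a long window.
    Per-account lockout misses this: each account sees only one or two failures."""
    rows = [r for r in parse(events) if r["result"] == "fail"]
    if not rows:
        return {}
    cutoff = rows[-1]["time"] - window
    targets = defaultdict(set)
    for r in rows:
        if r["time"] >= cutoff:
            targets[r["ip"]].add(r["user"])
    return {ip: sorted(u) for ip, u in targets.items() if len(u) >= min_accounts}

def impossible_travel(events, window=timedelta(minutes=10)):
    """Successful logins by one user from two countries within `window`."""
    alerts, last_ok = [], {}
    for r in parse(events):
        if r["result"] != "ok":
            continue
        prev = last_ok.get(r["user"])
        if prev and prev["country"] != r["country"] and r["time"] - prev["time"] <= window:
            alerts.append((r["user"], prev["country"], r["country"]))
        last_ok[r["user"]] = r
    return alerts
```

On the sample data the first check reports 203.0.113.7 with its four targeted address variants, and the second reports the PT to BR login pair for m.lee@example.com.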

As for our Cloud Email Protection service, authorized access location, advanced password policies, multi-factor authentication, and a full-blown secure website ensure that our email security service complies with the best practices of password management.

Source: AnubisNetworks