WEB AND MOBILE FRAUD
Two out of every three UK companies have suffered brute force attacks against Microsoft 365 accounts during the past three months
A startling 66 per cent of businesses have been impacted - up from 48 per cent in the first quarter of the year, according to a survey conducted by Bluedog Security Monitoring.
The company reports that around eight per cent of all businesses surveyed suffered breaches in the second quarter as a result of the attacks. The business has also seen a 22 per cent rise in phishing attacks targeting the creation of apps within Azure. The business believes every company is now being targeted at least once a week by this type of attack and, in some cases, five or six times a day.
Tim Thurlings, CTO of Bluedog Security Monitoring, asserts that the fraudsters are particularly targeting accounts, finance departments and credit collections teams.
“The phishing attacks trick users into going to the legitimate Microsoft login page and giving permission to create an app that allows access to files, e-mails and mailbox settings,” stated Thurlings.
“They can then set up a ‘forward and delete’ rule. Any e-mails the employee sends out are automatically forwarded to the hacker who can then amend the bank account number or insert a request to change the payment details before sending on to the victim. The original e-mail is then deleted from the sender’s mailbox.”
He continued: “This attack pattern can be mitigated by regulating the access of third-party integrated apps. Attackers can maintain persistent access to services through these integrated apps without relying on compromised accounts. IT teams should only allow access to necessary apps that support robust security controls. It’s also vital to enable the use of multi-factor authentication on all Microsoft 365 accounts as this will help stop brute force attacks.”
Bluedog Security Monitoring observes that the rise in attacks is linked to the lockdown.
Thurlings added: “As more companies switch their employees to the Microsoft 365 system, it’s harder to safeguard against these risks. Ultimately, companies need to use monitoring to detect where a breach has occurred. A Microsoft 365 monitoring service is a simple and low-cost solution that can be activated remotely and will spot the warning signs, such as a change of settings or permissions, such that companies can step in and block access before any real damage is done.”
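The monitoring Thurlings describes comes down to watching the Microsoft 365 unified audit log for two events: a user consenting to an application, and a new or changed inbox rule that forwards mail and deletes the original. The script below is an added example written for this article, not code from Bluedog Security Monitoring or Microsoft. It parses constructed audit records (one JSON object per line, in the shape of the log's AuditData field; the `Operation` names and the `ForwardTo`, `RedirectTo`, `ForwardAsAttachmentTo` and `DeleteMessage` parameter names follow the Exchange Online inbox-rule cmdlets, which is an assumption about the exact record layout in a given tenant), flags forward-and-delete rules and forwarding to an external domain, and correlates an app consent followed by a forwarding rule for the same user within a time window.

```python
"""Flag 'forward and delete' inbox rules and app consents in Microsoft 365
unified audit log records.

Added example for the article; not Bluedog's or Microsoft's code. The sample
records below are constructed, and the field names are an assumption about
the exact AuditData layout (Operation names and Exchange cmdlet parameters).
"""
import json
from datetime import datetime, timedelta

# Unified audit log operations that create or modify a mailbox rule.
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule"}
# Inbox-rule parameters that send a copy of mail elsewhere.
FORWARDING_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"}
# Operation recorded when a user grants an application access (OAuth consent).
CONSENT_OPERATION = "Consent to application."

# Constructed sample records: addresses, names and IDs are invented.
SAMPLE_AUDIT_LOG = r"""
{"CreationTime":"2020-06-02T09:14:07","Operation":"New-InboxRule","UserId":"a.jones@example.com","Parameters":[{"Name":"Name","Value":"."},{"Name":"ForwardTo","Value":"payments@example-invoices.net"},{"Name":"DeleteMessage","Value":"True"}]}
{"CreationTime":"2020-06-02T09:20:41","Operation":"New-InboxRule","UserId":"b.smith@example.com","Parameters":[{"Name":"Name","Value":"Move newsletters"},{"Name":"MoveToFolder","Value":"Newsletters"}]}
{"CreationTime":"2020-06-02T10:02:13","Operation":"Set-InboxRule","UserId":"c.lee@example.com","Parameters":[{"Name":"Identity","Value":"Invoices"},{"Name":"RedirectTo","Value":"c.lee.archive@example.com"}]}
{"CreationTime":"2020-06-02T08:58:30","Operation":"Consent to application.","UserId":"a.jones@example.com","ObjectId":"00000000-0000-0000-0000-00000000abcd"}
"""


def parse_audit_log(text):
    """Parse newline-delimited JSON audit records into a list of dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def domain_of(address):
    """Lower-cased domain part of an e-mail address ('' if there is none)."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def rule_details(record):
    """Return (forwarding targets, delete flag) for an inbox-rule record."""
    params = {p["Name"]: str(p["Value"]) for p in record.get("Parameters", [])}
    targets = [params[k] for k in sorted(FORWARDING_PARAMS) if k in params]
    deletes = params.get("DeleteMessage", "").lower() == "true"
    return targets, deletes


def classify(record):
    """Return the list of findings for one audit record (empty if benign)."""
    findings = []
    op = record.get("Operation", "")
    user = record.get("UserId", "")
    if op in RULE_OPERATIONS:
        targets, deletes = rule_details(record)
        if targets and deletes:
            # Mail is forwarded and the original removed from the mailbox:
            # the pattern the article describes.
            findings.append("forward-and-delete rule")
        if any(domain_of(t) != domain_of(user) for t in targets):
            findings.append("forwarding to external domain")
    elif op == CONSENT_OPERATION:
        # A consent grant is not malicious by itself, but it is the
        # settings/permissions change that monitoring should surface.
        findings.append("user consented to application")
    return findings


def triage(records):
    """All findings as (time, user, operation, finding), oldest first."""
    alerts = []
    for r in sorted(records, key=lambda r: r.get("CreationTime", "")):
        for finding in classify(r):
            alerts.append((r["CreationTime"], r.get("UserId", ""), r["Operation"], finding))
    return alerts


def consent_then_rule(records, window_hours=24):
    """Users who consented to an app and then created a forwarding rule
    within window_hours: the consent-to-mailbox-rule sequence in the article."""
    consents = {}
    for r in records:
        if r.get("Operation") == CONSENT_OPERATION:
            when = datetime.fromisoformat(r["CreationTime"])
            consents.setdefault(r.get("UserId", ""), []).append(when)
    flagged = set()
    for r in records:
        if r.get("Operation") not in RULE_OPERATIONS:
            continue
        targets, _ = rule_details(r)
        if not targets:
            continue
        when = datetime.fromisoformat(r["CreationTime"])
        for consented_at in consents.get(r.get("UserId", ""), []):
            if timedelta(0) <= when - consented_at <= timedelta(hours=window_hours):
                flagged.add(r["UserId"])
    return flagged


if __name__ == "__main__":
    recs = parse_audit_log(SAMPLE_AUDIT_LOG)
    for alert in triage(recs):
        print(" | ".join(alert))
    print("consent followed by forwarding rule:", sorted(consent_then_rule(recs)))
```

The benign records (a move-to-folder rule, and a redirect that stays inside the user's own domain) produce no findings, which is the point of checking the target domain rather than alerting on every rule; a real deployment would read records from the audit log export rather than the embedded sample and would treat the consent event as context for the rule alert rather than as an alert on its own.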