It’s no secret that hackers are attracted to large and lucrative targets in the vast digital sphere. Oftentimes, the largest targets present the most avenues for attack. And with over 300 million users worldwide, Microsoft 365 is one of those large targets. Over 80% of deployed Microsoft 365 accounts have suffered an email breach and over 70% have suffered an account takeover. 

With the uptick in remote work during the COVID-19 pandemic, and therefore more work being performed on home devices, the need for robust enterprise cybersecurity has only risen. The reality is that native and legacy data protection solutions are falling short. With more businesses considering permanent office/remote hybrid workplaces each passing day, data protection solutions, including suitable backup and recovery, must keep pace.


The current threat landscape for Microsoft 365

Hackers are leveraging every tool at their disposal to steal critical and sensitive information from the governments, businesses, and other organizations that rely on Microsoft 365. These tools are growing in scope and complexity, and in some cases hackers are even leveraging Microsoft's own services. In March 2022 it was reported that, to make phishing attacks against Microsoft 365 users more convincing, hackers were using Azure Static Web Apps (a hosting service provided by Microsoft Azure) to create false landing pages bearing Microsoft's logo.

More disturbingly, these false pages carry a Single Sign-On (SSO) option that harvests Outlook, Office 365, and other credentials. Because the page is hosted on Azure, it is served with a valid TLS certificate, so the browser shows a padlock, and its hostname sits under a Microsoft-owned domain (*.azurestaticapps.net), which a user who checks the URL bar for a Microsoft name may accept as legitimate. Left unchecked, an attack of this type could hand malicious actors a treasure trove of credentials and the data behind them.

With an ever-increasing number of critical datasets stored in M365 ecosystems, a large security burden falls on native protection. Under the shared responsibility model, Microsoft protects the M365 cloud infrastructure, while customers are responsible for what they put in it: their identities, devices, configuration, and data. Attacks that fall outside Microsoft's protections are the customer's problem to detect and recover from.

Hackers are also using Microsoft 365's rapid adoption against it. As Microsoft 365 functionality increases, clients are more likely to use the suite exclusively. Attack vectors can be found in Microsoft Office Online, Outlook, OneDrive, SharePoint, Microsoft Teams, and more. Third-party cloud applications also give hackers multiple ways into systems, because IT admins tend to focus on their internal systems, Microsoft architecture, and licensing parameters. They may not spend as much time learning about the numerous third-party applications with which their networks must engage to perform essential or desired functions.

Threat levels have increased as ransomware and phishing attacks have become cheaper and easier to carry out. Ask yourself: what damage could a hacker do to your IT infrastructure with administrative credentials? Stolen credentials sell for around $50 on average, and for less in some cases, with the price tracking the perceived value of the victim organization. DDoS attacks against unprotected sites can be rented for $300 per month, paralyzing a business' ability to perform any work on the affected sites.

What’s more troubling is the economy behind these attacks continues to mature through the use of cryptocurrency. Ransomware kits can be advertised and sold on the dark web, and funds can be held in escrow to ensure the kit works as promised before payment is delivered to the creator. Increasingly, cybercriminals need to possess less technical expertise to successfully launch attacks.

One such way to intrude, called business email compromise, is highly lucrative. There are many ways for hackers to make illicit gains while pretending to be a legitimate business email account. For example, hackers will set up free email accounts, change the display name depending on the target, and then write their targets asking them to purchase gift cards on behalf of a superior, often with corporate funds. 

How you can fight back

For most businesses, there is a steep hill to climb to instil a culture of security in staff. Remote and flexible work present numerous new challenges. To start, the silo effect that firms seek to break down has only been reinforced in recent years. In addition, so-called "digital exhaustion" may lead staff to forgo individual security measures, such as checking the URLs of embedded links or contacting IT when a possible intrusion attempt has been spotted.

To preserve continuity of service, basic identity and network security for staff is a must in 2022 and beyond. Organizations that still allow legacy authentication (protocols such as IMAP, POP, and SMTP AUTH that accept a password alone and cannot prompt for a second factor) face ten times the number of attacks that organizations enforcing multi-factor authentication encounter. Hackers want the most access with the least effort, so these organizations are ripe for data theft.

Part of the issue companies and others face when dealing with attacks is that businesses need to keep the flow of information moving. They need to secure revenue, exchange vital data with internal and external partners, and perform other essential functions. This information flow is what hackers rely on to slip attacks into targeted networks undetected. 

Another factor to consider is how a company’s industry is perceived politically and economically at any given point in time. This ever-changing status could affect the volume and intensity of attacks against certain companies and networks. For example, any industry which is subject to pending legislation that grants additional government oversight may be a prime target for hackers. Hackers may attempt to extract that data before the added scrutiny and subsequent penalties take effect.

So why do hackers target Microsoft 365?

  • Depending on the target, it can be highly lucrative.

  • More and more businesses are migrating essential data and functions to Microsoft 365 as integration and ease of use reduces friction and streamlines services and communication.

  • Third-party cloud applications provide additional attack angles that may be difficult to spot.

  • Certain organizations have not yet embraced multi-factor authentication, and they are attacked ten times more often than those that have.

  • Automation, including machine-learning-based classification, lets hackers download mailbox and file data en masse and sift through it for value while their compromised access continues.

What can you do to mitigate these attacks on your Microsoft 365 ecosystem?

  • Train staff on IT security and ingrain a culture of vigilance. Threats are everywhere, but a few simple tips can mitigate the effects of many attacks.

  • Set up multi-factor authentication. It is one of the best and easiest ways to protect accounts when login credentials are stolen, because a password alone no longer grants access.

  • Protect your passwords and never use the same password for multiple accounts.

  • Have an insulated and robust data recovery and backup capability ready at a moment’s notice. 

  • Back up all Microsoft 365 data often, multiple times per day.

  • Bolster your defense in-depth approach with third-party recovery.

  • Remember that the ability to restore systems after an attack is almost as good as preventing them in the first place. Continuity of service is vital and will keep your customers happy and protected.
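The multi-factor authentication and legacy authentication points above map directly onto Conditional Access in Azure AD (now Entra ID). As an added example, not part of the original post or Rubrik's own material, the following PowerShell uses the Microsoft Graph PowerShell SDK to create two policies in report-only mode: one that blocks legacy authentication clients (the client app types that cannot present a second factor) and one that requires MFA for all users on modern clients. It assumes the Microsoft.Graph.Identity.SignIns module is installed and that the signed-in admin can consent to the scopes Microsoft documents for creating Conditional Access policies; the break-glass group id is a placeholder you must replace.

```powershell
# Added example: report-only Conditional Access policies that block legacy
# authentication and require MFA. Not from the original post.
# Assumes: Microsoft.Graph.Identity.SignIns module installed, and an admin
# who can consent to the scopes requested below.
Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Application.Read.All"

# Placeholder (assumption): object id of an emergency-access ("break-glass")
# group excluded from both policies so a mistake cannot lock every admin out.
$breakGlassGroupId = "00000000-0000-0000-0000-000000000000"

function New-ReportOnlyCAPolicy {
    param(
        [Parameter(Mandatory)] [string]   $DisplayName,
        [Parameter(Mandatory)] [string[]] $ClientAppTypes,
        [Parameter(Mandatory)] [string[]] $BuiltInControls
    )
    $body = @{
        displayName = $DisplayName
        # Report-only: the sign-in logs record what the policy would have done
        # without enforcing it. Switch to "enabled" after reviewing the impact.
        state       = "enabledForReportingButNotEnforced"
        conditions  = @{
            clientAppTypes = $ClientAppTypes
            applications   = @{ includeApplications = @("All") }
            users          = @{
                includeUsers  = @("All")
                excludeGroups = @($breakGlassGroupId)
            }
        }
        grantControls = @{
            operator        = "OR"
            builtInControls = $BuiltInControls
        }
    }
    New-MgIdentityConditionalAccessPolicy -BodyParameter $body
}

# 1. Block legacy authentication. "exchangeActiveSync" and "other" are the
#    client app types used for protocols that cannot do MFA (IMAP, POP,
#    SMTP AUTH, older Office clients).
New-ReportOnlyCAPolicy -DisplayName "CA001: Block legacy authentication" `
    -ClientAppTypes @("exchangeActiveSync", "other") `
    -BuiltInControls @("block")

# 2. Require MFA for every sign-in from browsers and modern desktop/mobile apps.
New-ReportOnlyCAPolicy -DisplayName "CA002: Require MFA for all users" `
    -ClientAppTypes @("browser", "mobileAppsAndDesktopClients") `
    -BuiltInControls @("mfa")

# Confirm both policies exist and are still report-only.
Get-MgIdentityConditionalAccessPolicy |
    Where-Object { $_.DisplayName -like "CA00*" } |
    Select-Object DisplayName, State
```

Leave the policies in report-only mode for at least a full business cycle and review the sign-in logs for legitimate service accounts, scanners, or multifunction printers that still authenticate over legacy protocols; migrate or exclude those first, then flip the state to enabled.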

Securing your Microsoft 365 environment, including Microsoft Teams, Microsoft Outlook, Microsoft Exchange, Microsoft SharePoint, and Microsoft OneDrive, is paramount to business continuity. To plan a path forward, check out our Defense in-Depth session at the Rubrik + Microsoft Zero Trust Summit.