More than 4,000 Office 365 accounts are affected by account hijacking attacks

Recently launched Account Takeover (ATO) attacks are thought to have affected about 4,000 Office 365 accounts. Most of these accounts were hijacked and then used. used to perform many different malicious activities.

Details of this month-long attacks were made by security researchers at Barracuda Networks in a report published on May 2, 2019. According to the information detailed in the newspaper. This privacy statement says: 'There has been an alarming increase in the number of hijacked Office 365 accounts, making it one of the fastest and most unpredictable email security threats. since the beginning of 2019 up to now. In addition, a recent analysis conducted for Barracuda Networks customer account hijacking attacks also found that up to 29% of organizations and businesses own Office 365 accounts. Hackers invaded around March 2019 '.

1. Dell computers became victims of RCE attacks by vulnerabilities in SupportAssist

In addition, the Barracuda Networks report also revealed that in just one month (March 2019), there were more than 1.5 million malicious emails and spam sent from previously hijacked Office 365 accounts. ATO attacks.

Barracuda Networks researchers explained that the criminals behind ATO attacks basically used various methods to perform attacks, including taking advantage of the login credentials. Stolen in previous data breaches, as well as some attacks done through business and web applications (including SMS).

Security expert Asaf Cidon, vice president of Barracuda Networks content security services, explained in detail how hackers conduct attacks in a blog post as follows: 'First, crime The network will use deceptive, social and deceptive brand name email messages to steal login information and access the victim's Office 365 account. After being able to gain access to the targeted account, hackers will follow the activity to find out how an individual or organization works, and collect email signature information. victims of use as well as how they handle financial transactions . can then launch attacks with a higher likelihood of success, including collecting additional login information for many talents. Other provisions'.

1. Malware stored in Google Sites sends data to the MySQL server

Thus, in general, attacks usually start with intrusion (hackers often impersonate Microsoft, every 3 ATO attacks are done in this direction) and use technical tricks. society to entice users to access phishing sites that make them reveal their login information. Hackers will rarely launch an attack immediately after violating the account, instead, they will start tracking emails as well as the details of the organization's activities, which will help maximize. The opportunity to carry out attacks in general, helps to bring significantly higher success rates.

'Phishers often set up special mailbox rules to hide or delete any emails they send from compromised accounts as part of a sophisticated exploration plan. In the March 2019 analysis done by security researchers at Barracuda Networks, we found that hackers have established malicious rules to hide their activity in the account. 34% of nearly 4,000 Office 365 accounts were illegally hacked, "said Asaf Cidon.

After completing the exploration process, hackers will begin to select and target high-value accounts (for example, boxes of executives, financial staff, and senior managers). .) in an organization using the credentials of these people. In addition, hackers will use both phishing tricks and brand identity to collect login information for similar high-value accounts. Typically, they will use domain name spoofing techniques or the same fake domain names to make the phishing campaign look more convincing.

1. Apple updates XProtect to block 'Windows' malware on a Mac

'Hackers will also use compromised accounts to make money from other attacks by stealing personal, financial and confidential data and using it to perform identity theft, scams and many other illegal activities. In addition, appropriated accounts will also be used to launch external attacks targeting the victim's partners and customers. With the hijacking of conversations, hackers can invade many important conversations or topics, such as in other valuable transfers or financial transactions, 'said Asaf. Cidon explained.

Organizations and businesses need to pay special attention to attacks like these because they can cause tremendous financial damage. And hackers can even make money by targeting payment and bank transfer activities by redirecting transactions to the bank account they control.

1. [Infographic] How to recognize and prevent Phishing attacks

How to fight this dangerous ATO attack?

Security researchers at Barracuda Networks have also come up with a number of recommendations that can help ensure comprehensive protection for organizations and businesses against similar account hijacking attacks.

The first step that can help mitigate these attacks is the application of artificial intelligence to the general security process. Machine learning models can be used to analyze normal communication patterns in an organization and detect anomalies, thereby helping to indicate attacks (phishing). This is done by skipping spam ports and filters.

1. Malicious ad campaigns abuse Chrome to steal 500 million iOS user sessions

In addition, the Barracuda Networks team also recommends that organizations implement safeguard measures to hijack accounts with artificial intelligence, which can help identify signs of appropriation and take action most suitable deputy.

In addition, using multi-factor authentication, inbox rule monitoring, suspicious login and employee training in identifying and reporting risks from phishing attacks are also ways to reduce them. minimizing the efficiency that organizations and businesses need to implement.