Recent research conducted by Fortra found that phishing emails are seen as the most dangerous threat to businesses across all email platforms. In fact, the most common way hackers gain access to M365 accounts is through targeted phishing attacks – also known as spear phishing.
In order to execute a spear phishing attack, a cybercriminal sends an email (or emails) to employees, seemingly from a trusted source – often C-suite and suppliers – requesting them to click on a malicious link. Once the employee clicks on the link, it redirects them to a spoofed login page where the hacker is then able to harvest sensitive information including log-in credentials that the unsuspecting employee provides. Having access to log-in details enables cybercriminals to steal sensitive information held in the cloud, impersonate an account holder, distribute further spear phishing emails from a legitimate account, or deliver a ransomware payload into the network. These kinds of attacks often go undetected long enough to allow the hacker to steal the information they need to cause major disruption to any business.
End Unauthorized Access Anguish
Another common way of accessing a M365 environment is for cybercriminals to force their way into accounts using a sequence of obvious passwords. While one of the benefits of the M365 cloud platform is its widespread accessibility for employees, this can also pose a threat to security, offering this same access to cybercriminals. If a hacker harvests an employee’s password, they will have instant access to the account and broader environment.
Because M365 is designed for remote access, identification of unauthorized access to accounts is not instantly detected, making it much easier for hackers to attempt multiple log-ins and be granted access. In addition, targeting one employee at a time – rather than everyone within an organization – reduces the chance of detection further and once a cybercriminal has access to one account, it makes it extremely easy to infiltrate from the inside.
Access to one individual’s account could allow a maliciously motivated individual to gain access to documents and databases and steal sensitive information that resides in the platform and within emails. Hackers could also set up auto-forwarding rules so that the compromised account sends copies of emails to another email address without detection.