The UK's National Cyber Security Centre has published its incident trends report for October 2018 and April 2019 and it is not good news for Office 365 users. The report states that cloud services, and Office 365 in particular, have become the primary target observed in recent months.
While traditional models of on-premise IT services were frequently isolated from the internet, the widescale move to cloud services has put the IT of many enterprises within reach of internet-based attacks. In some cases, these services are only protected by a username and password.
There has been significant use of tools and scripts to try and guess users’ passwords. This has almost become the daily norm for Office 365 deployments.
Attacks can now be mounted at scale across the Internet without ever having a foothold within the corporate infrastructure. A successful login will give access to corporate data stored in all Office 365 services. For example, both SharePoint and Exchange could be compromised, as well as any third-party services an enterprise has linked to Azure AD.
The most common attack affecting Office 365 is password spraying, which attempts a small number of commonly used passwords against multiple accounts over a long period of time. This doesn’t tend to trigger account lockouts because the limit of failed attempts is not reached, and as a result can make it much harder for IT security teams to spot.
In most cases, attackers aren’t after just one specific account, and using this method can target a large number of accounts in one organisation without raising any security suspicion.
The full report can be viewed here.
Secure Working From Home During Coronavirus
In the wake of the coronavirus, many organisations internationally are allowing people to work from home to lessen the risk of contagion, but is this wise from a cybersecurity point of view? While companies generally have a cybersecurity policy in place that governs the use of anti-virus and firewall protection, individuals without any tech knowledge could fall foul of cybercriminals.read more
Crypto Miners, Targeted Ransomware Dominate the Threat Landscape
Twenty-eight per cent of all organisations worldwide were impacted by malicious multi-purpose botnets and targeted ransomware attacks rose by 20% according to Check Point Research, the Threat Intelligence and Research arm of Check Point Software.read more
Kaspersky's Top 7 Mobile Security Threats in 2020
Mobile device security threats are on the rise. In 2014, Kaspersky detected almost 3.5 million pieces of malware on more than 1 million user devices.read more
SEC Releases Guide To Combat Cybersecurity Threats
The Securities and Exchange Commission has released a guide to best practices to combat cybersecurity infractions, data loss and privacy breaches.read more