The UK's National Cyber Security Centre has published its incident trends report for October 2018 and April 2019 and it is not good news for Office 365 users. The report states that cloud services, and Office 365 in particular, have become the primary target observed in recent months.
While traditional models of on-premise IT services were frequently isolated from the internet, the widescale move to cloud services has put the IT of many enterprises within reach of internet-based attacks. In some cases, these services are only protected by a username and password.
There has been significant use of tools and scripts to try and guess users’ passwords. This has almost become the daily norm for Office 365 deployments.
Attacks can now be mounted at scale across the Internet without ever having a foothold within the corporate infrastructure. A successful login will give access to corporate data stored in all Office 365 services. For example, both SharePoint and Exchange could be compromised, as well as any third-party services an enterprise has linked to Azure AD.
The most common attack affecting Office 365 is password spraying, which attempts a small number of commonly used passwords against multiple accounts over a long period of time. This doesn’t tend to trigger account lockouts because the limit of failed attempts is not reached, and as a result can make it much harder for IT security teams to spot.
In most cases, attackers aren’t after just one specific account, and using this method can target a large number of accounts in one organisation without raising any security suspicion.
The full report can be viewed here.
TrendMicro Midyear Cybersecurity Assessment
The first six months of 2019 saw organisations dealing with a broad range of incoming threats and, more urgently, tackling threats that had already gained a foothold in their systems, according to the midyear trend assessment carried out by TrendMicro.read more
DOS And DDOS - What's The difference
Online knowledge base Wikipedia suffered an outage at the weekend following a Distributed Denial Of Service (DDOS) attack. The company released a statement: "Wikipedia was hit with a malicious attack that has taken it offline in several countries for intermittent periods. The attack is ongoing and our Site Reliability Engineering team is working hard to stop it and restore access to the site."read more
Hackers Targeting Office 365 A Growing Threat
The UK's National Cyber Security Centre has published its incident trends report for October 2018 and April 2019 and it is not good news for Office 365 users. The report states that cloud services, and Office 365 in particular, have become the primary target observed in recent months.read more
New Canon Survey Reveals Critical Gaps in Companies' Cybersecurity Agendas
While digital transformation helps companies work smarter, there is a risk that the ongoing digitization may unlock a host of security vulnerabilities that can cost companies money, time, intellectual property, and customer trust. In its latest Office of the Future survey, released today by Canon USA.read more