Hackers Targeting Office 365 A Growing Threat

The UK's National Cyber Security Centre has published its incident trends report for October 2018 and April 2019 and it is not good news for Office 365 users. The report states that cloud services, and Office 365 in particular, have become the primary target observed in recent months.

While traditional models of on-premise IT services were frequently isolated from the internet, the widescale move to cloud services has put the IT of many enterprises within reach of internet-based attacks. In some cases, these services are only protected by a username and password.

There has been significant use of tools and scripts to try and guess users’ passwords. This has almost become the daily norm for Office 365 deployments.

Attacks can now be mounted at scale across the Internet without ever having a foothold within the corporate infrastructure. A successful login will give access to corporate data stored in all Office 365 services. For example, both SharePoint and Exchange could be compromised, as well as any third-party services an enterprise has linked to Azure AD.

The most common attack affecting Office 365 is password spraying, which attempts a small number of commonly used passwords against multiple accounts over a long period of time. This doesn’t tend to trigger account lockouts because the limit of failed attempts is not reached, and as a result can make it much harder for IT security teams to spot.

In most cases, attackers aren’t after just one specific account, and using this method can target a large number of accounts in one organisation without raising any security suspicion.

The full report can be viewed here.

more news

Kaspersky Highlights Information Security In Loss Figures

To budget for information security, companies need to consider factors such as average potential losses, preferably by incident type, as well as other businesses’ average, outlays on security, Says the latest security report from Kaspersky.

read more

Half Of Global Organisations Not Prepared For Cyberattacks

It is believed that more than 4,000 cyberattacks occur daily worldwide, but half of organisations across the globe admit they are not prepared for such events.

read more

Secure Your Physical Business Against Data Theft

Data theft does not just happen in cyberspace, but in the physical business environment, too. Lax physical security can allow criminals to access your computers, filing cabinets, documents left on desktops, etc. Here are some tips for you to ensure your everyday working environment is safe and secure.

read more

UK Launches Third NCSC Annual Review

Paymaster General and Minister for the Cabinet Office Oliver Dowden MP has launched the UK's National Cyber Security Centre's third Annual Review. In his presentation speech, he said: "Thank you, everyone, for joining us this morning. Cybersecurity is genuinely a massive priority for the government and it gives me great pleasure to launch the National Cyber Security Centre’s third Annual Review.

read more