Monday, November 23, 22:45

Hackers violate Office 365 accounts through ATO attacks

It has recently become known that hackers target Office 365 user accounts through account takeover (ATO) attacks, and then use those accounts for other attacks, such as phishing, BEC attacks and malicious ad campaigns.

Researchers showed in their report that during March, hackers sent 1.5 million malicious and spam emails from 4,000 accounts that had been compromised through ATO attacks.

Hackers gained access to Office 365 accounts, configured malicious settings to hide their activity, and then sent out spam messages from those accounts.

Researchers found that the attacks came mainly from Chinese IP addresses (about a quarter of total attacks). However, some attackers also used servers in Brazil (9%), Russia (7%), the Netherlands (5%) and Vietnam (5%).

Attack methods in Office 365

Hackers do a lot of careful work to deceive the victims. The methods they use are a combination of impersonation, phishing and social engineering. Fraudsters impersonate large companies (e.g. Microsoft) to make the victims visit specific pages, which are in fact controlled by hackers.

This way they can steal user credentials.

In addition, because many people use the same username and password for different accounts, hackers can use the stolen credentials to access all of those accounts.

With stolen credentials, hackers also try to access corporate email accounts (BEC, Business Email Compromise).

The researchers have also discovered brute-force attacks that exploit the fact that users choose very easy and predictable passwords.

Before the attack takes place, hackers monitor the businesses they are targeting: what business the company does, how it trades and more. Based on this data and the stolen credentials, criminals are able to carry out successful attacks.

Then they use the accounts they have compromised to target the employees of the company, especially those who work in the finance department. Through BEC attacks and social engineering, they deceive employees.

An FBI report showed that criminals managed to extract about 1.2 billion dollars in 2018 through this kind of attack. According to the report, BEC / EAC attacks have been the ones that have secured the most money for hackers.

In 2018, attacks of this kind tripled compared to 2017, and more specialized methods were used.

According to the researchers' report, hackers use the compromised accounts for theft of personal, financial and confidential data as well as other crimes, and they also attack business associates and customers.


Experts suggest organizations use machine learning to deal with attacks that compromise e-mail accounts.

Also, two-factor authentication is very useful as it adds an extra level of protection.

Finally, tools should be deployed to detect ATO attacks, monitor accounts, and raise alerts on any compromise. Training a company's employees so they can recognize phishing emails and detect suspicious activity is equally important.
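As an added illustration of the account monitoring recommended above (not code from the researchers' report), the sketch below flags the sequence the article describes: repeated failed sign-ins followed by a success, then settings changes and a burst of outgoing mail. The event schema, thresholds, accounts and IP addresses are assumptions constructed for the example, not a real Office 365 log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FAIL_THRESHOLD = 5                  # failed sign-ins from one IP before a success
FAIL_WINDOW = timedelta(minutes=10)
POST_WINDOW = timedelta(hours=1)    # how long to watch after a suspect sign-in
SEND_THRESHOLD = 3                  # mails in POST_WINDOW (kept tiny for the sample)

def detect_ato(events):
    """events: (iso_time, kind, account, source_ip) tuples. Returns {account: [findings]}."""
    fails = defaultdict(list)       # (account, ip) -> times of failed sign-ins
    suspect = {}                    # account -> time of the suspect sign-in
    sent = defaultdict(int)         # account -> mails sent since the suspect sign-in
    findings = defaultdict(list)
    for ts, kind, account, ip in sorted(events):   # ISO timestamps sort chronologically
        t = datetime.fromisoformat(ts)
        if kind == "signin_failed":
            fails[(account, ip)].append(t)
        elif kind == "signin_ok":
            recent = [f for f in fails[(account, ip)] if t - f <= FAIL_WINDOW]
            if len(recent) >= FAIL_THRESHOLD:      # brute-force pattern ended in success
                suspect[account] = t
                sent[account] = 0
                findings[account].append(f"success after {len(recent)} failures from {ip}")
            fails[(account, ip)].clear()
        elif account in suspect and t - suspect[account] <= POST_WINDOW:
            if kind == "settings_changed":
                findings[account].append("settings changed after suspect sign-in")
            elif kind == "mail_sent":
                sent[account] += 1
                if sent[account] == SEND_THRESHOLD:  # report the burst once
                    findings[account].append("mail burst after suspect sign-in")
    return dict(findings)

# Constructed sample events; schema, accounts and addresses are illustrative only.
A, B = "alice@example.com", "bob@example.com"
SAMPLE = (
    [(f"2020-03-02T08:00:0{i}", "signin_failed", A, "203.0.113.7") for i in range(6)]
    + [("2020-03-02T08:01:00", "signin_ok", A, "203.0.113.7"),
       ("2020-03-02T08:05:00", "settings_changed", A, "203.0.113.7")]
    + [(f"2020-03-02T08:1{i}:00", "mail_sent", A, "203.0.113.7") for i in range(4)]
    + [("2020-03-02T09:00:00", "signin_failed", B, "198.51.100.4"),   # one typo, then success
       ("2020-03-02T09:00:30", "signin_ok", B, "198.51.100.4"),
       ("2020-03-02T09:05:00", "mail_sent", B, "198.51.100.4")]
)

if __name__ == "__main__":
    for account, reasons in detect_ato(SAMPLE).items():
        print(account, reasons)
```

In practice the thresholds would be tuned against each account's normal sign-in and sending behaviour so that a single mistyped password, as in the second sample account, does not raise an alert.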

