Such as said ο Doug Bienstock, chief security consultant at Mandiant “the amount of data in Office 365 is just huge and intruders are obviously interested in data. "But they can also access this data from almost anywhere in the world."
"Office 365 is also a gateway for organizations to access other applications as a unique connectivity platform," Bienstock explained.
Usually hackers have no difficulty accessing systems an organization. So they can find email lists of employees of a company and try to carry out brute-force attacks to crack any common or weak passwords.
"The attacker will receive these valid credentials, will be connected to VPN and will enter the network with the intention of increasing its privileges in a global Office 365 δια administrator account, said Josh Madeley, Mandiant's chief security consultant.
It is believed that the vast majority of state-backed APTs are interested in developing this type of attack. However, the one that is definitely interested is APT35, a team hacking from Iran, which is "notorious" for exploiting cloud services to gain access to the sensitive information it wants.
Hackers are not trying to exploit a vulnerability in Office 365. But the way companies and users secure Office 365 could be improved to protect themselves from such attacks. The first step that organizations can take to prevent attacks is to ensure that they do not use common or passwords that are easy to guess.
Agencies also need to ensure that multi-agent authentication is applied to as many employee accounts as possible, so in the event of password theft or breach, there is an extra level of defense to stop attacks. It is also recommended that organizations take the time to understand the activity in their networks, so that suspicious activity can be detected and stopped before it causes significant damage.