How cyber-attackers use Microsoft 365 tools to steal data – SecurityBrief Australia

How cyber-attackers use Microsoft 365 tools to steal data – SecurityBrief Australia

It’s been well documented that 2020 has seen a sharp rise in cyber-attacks, and almost no industry has been spared. 

Software tools, especially those that facilitate remote collaboration, have seen a surge in user engagement – but even these aren’t immune to the proliferation of cyber-attacks. Microsoft’s Office 365 is no exception.

This is evident in Vectra’s 2020 Spotlight Report on Microsoft Office 365 released recently, which highlights the use of Office 365 in enterprise cyberattacks. The report explains how cybercriminals use built-in Office 365 services in their attacks.

Attacks that target software-as-a-service (SaaS) user accounts are one of the fastest-growing and most prevalent problems for organisations, even before COVID-19 forced the vast and rapid shift to remote work, the report says.

With many organisations increasing their cloud software usage, Microsoft has dominated the productivity space, with more than 250 million active users each month. 

Office 365 is the foundation of enterprise data sharing, storage, and communication for many of those users, which Vectra director of security engineering Chris Fisher says makes it an incredibly rich treasure trove for attackers.

“Within the new work-from-home paradigm, user account takeover in Office 365 is the most effective way for an attacker to move laterally inside an organisation’s network.” says Fisher.

“We have seen this kind of account takeover ultimately cause the loss of personal data from organisations in Australia in recent months. 

“Attackers will continue to exploit human behaviours, social engineering, and identity theft to establish a foothold and to steal data in every type of organisation.”

Even with