A new study by Barracuda Networks highlights the “startling rise” of account takeover (ATO) attacks targeting Microsoft Office 365 accounts. In March of this year, 29% of companies had Microsoft 365 accounts compromised, allowing attackers to send over 1.5 million spam messages from such accounts.
Threat actors are using different attack techniques to go after Microsoft 365 accounts, including social engineering, brute-forcing and credential stuffing, i.e. trying login credentials leaked or stolen from one service against user accounts on another, relying on the fact that many people reuse the same credentials across different accounts.
The report also shows that after compromising an account, attackers often use it to “monitor email and track activity in the company, to maximize the chances of executing a successful attack,” while trying to hide the account takeover. Once they have gathered sufficient information, threat actors use their control over company accounts to go after executives or financial staff, as well as business partners and customers of the targeted company. A common attack is conversation hijacking, in which “hackers insert themselves into important conversations or threads, such as during a wire transfer or other financial transaction.”
Read more: Microsoft Office 365 Accounts Under Attack — What You Need To Know