Office 365 accounts being actively attacked
Posted by Rubin Bennett on 22 May 2017 05:03 PM
Password security bulletin
We’ve seen a recent uptick in compromised accounts recently across our customer base. Last week alone we saw 2 separate Office365 accounts get ‘hacked’ and fraudulent emails sent out impersonating the account owner.
The account owners were vigilant and fairly immediately recognized that something was wrong, notified us, and we helped them regain control over their account. However, before we regained control of the account, thousands of emails were sent to everyone in their contact lists with a malicious Word document as an attachment.
What was the “Hack”?
We had 2 separate customer report fraudulent access of their Office 365 Email accounts, likely via Outlook Web Access. Both customers had reasonable, but not very long, passwords. We suspect that the account password/ email combinations were used on other sites, and may have been included in one of the many password leaks in the past year or so.
What did you do?
We reset their passwords, enabled login auditing on their accounts for the entire domain, and enabled 2 factor authentication (when a new device logs in to the account, a text message is sent to the user’s cellular phone with a numeric code that they type in after they enter their username and password).
How can I protect myself/ my organization from this attack?
You can proactively do the same steps we did to mitigate the attack:
Calling your favorite I.T. Company is always a good step if any of the above sounds like Greek to you. We’re specialists in geek (erm, we mean Greek…).