Office 365 Compromised Accounts Used For BEC Scams

Barracuda Networks’ researchers found that more than 1.5 million malicious and spam emails were delivered by threat actors using roughly 4,000 accounts compromised via ATO during March 2019 within a single month

Expert Comments:

Corin Imai, Senior Security Advisor at DomainTools:  

“The most important thing to remember in light of the percentage of Office 365 compromised by ATO attacks is that even known senders should not be trusted by default. Barracuda Networks’ findings should come as a reminder that we are all likely to receive at least some form of phishing email in our inbox, and that caution is a requirement when opening any email.   

Most criminal groups running these campaigns are refining their techniques in an attempt to make their emails seem legit. However, there is usually at least one detail that gives away that the message might be a scam, being that an unusual phrasing or a link with a suspicious URL. Although it may sound trite to repeat this, phishing attacks are counting on an oversight from the human component of an organisation’s security posture. This is a vulnerability we would love to patch, meaning we need to take education seriously and ensure that phishing prevention is part of each employee’s training package.” 

 

Subscribe
Notify of
guest

0 Expert Comments
Inline Feedbacks
View all comments
Information Security Buzz
0
Would love your thoughts, please comment.x
()
x