Barracuda Networks’ researchers found that within a single month (March 2019), threat actors delivered more than 1.5 million malicious and spam emails from roughly 4,000 accounts compromised via ATO.
Office 365 Accounts Compromised via ATO Attacks Used in BEC Scams – Office 365 accounts are targeted and compromised in takeover attacks (ATO), accounts which cybercriminals later use for a variety of nefarious purposes ranging from spear-phishing and BE… https://t.co/WWftxvpZw5
— G & R Computers (@GRComputers) May 2, 2019
Corin Imai, Senior Security Advisor at DomainTools:
“The most important thing to remember in light of the percentage of Office 365 accounts compromised by ATO attacks is that even known senders should not be trusted by default. Barracuda Networks’ findings should come as a reminder that we are all likely to receive at least some form of phishing email in our inbox, and that caution is a requirement when opening any email.
Most criminal groups running these campaigns are refining their techniques in an attempt to make their emails seem legit. However, there is usually at least one detail that gives away that the message might be a scam, be it an unusual phrasing or a link with a suspicious URL. Although it may sound trite to repeat this, phishing attacks are counting on an oversight from the human component of an organisation’s security posture. This is a vulnerability we would love to patch, meaning we need to take education seriously and ensure that phishing prevention is part of each employee’s training package.”