Office 365 Phishing Campaign Targets Admin Credentials

By ISBuzz Team
Writer, Information Security Buzz | Nov 18, 2019 06:27 am PST

PhishLabs has detected attempts to compromise Microsoft Office 365 administrator accounts as part of a broad phishing campaign.

In the campaign, the threat actor(s) delivered a phishing lure that impersonated Microsoft and its Office 365 brand but was sent from multiple validated domains (an educational institution, for example) that do not belong to Microsoft. If the victim clicked the link, they were presented with a spoofed Office 365 login page.

Administrators often have privileges on other systems within an organisation, potentially allowing further compromises.
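
A mail-filter check for the lure described above, added here as an example (it is not code from PhishLabs or from this article): it flags messages whose From display name or subject uses Microsoft branding while the sender domain is outside an allowlist, even when SPF or DKIM pass. The allowlist, the reading of "validated" as passing sender authentication, and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: sender domains this organisation accepts as genuinely Microsoft.
TRUSTED_DOMAINS = {"microsoft.com", "office.com", "microsoftonline.com"}
BRAND_RE = re.compile(r"microsoft|office\s*365|o365", re.I)
AUTH_PASS_RE = re.compile(r"\b(spf|dkim|dmarc)=pass\b", re.I)

def is_trusted(domain):
    # Exact match or true subdomain; "microsoft.com.example.net" does not qualify.
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)

def assess(raw_message):
    """Return a verdict dict for one RFC 5322 message given as text."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    branded = bool(BRAND_RE.search(display) or BRAND_RE.search(msg.get("Subject", "")))
    passed = sorted({m.lower() for m in
                     AUTH_PASS_RE.findall(msg.get("Authentication-Results", ""))})
    return {
        "from_domain": domain,
        "auth_passed": passed,  # passing auth proves the domain, not the brand
        "flag": branded and not is_trusted(domain),
    }

# Constructed sample messages (not taken from the campaign).
LURE = (
    "From: Office 365 Admin Center <no-reply@faculty.example.edu>\n"
    "Subject: Action required: review your subscription\n"
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=faculty.example.edu;\n"
    " dkim=pass header.d=example.edu\n"
    "\n"
    "Sign in to continue.\n"
)
GENUINE = (
    "From: Microsoft <notifications@microsoft.com>\n"
    "Subject: Your monthly usage summary\n"
    "Authentication-Results: mx.example.com; spf=pass; dkim=pass header.d=microsoft.com\n"
    "\n"
    "No action needed.\n"
)

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("genuine", GENUINE)):
        print(name, assess(raw))
```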

2 Expert Comments
Javvad Malik, Security Awareness Advocate
November 18, 2019 2:29 pm

We continue to see phishing emails against cloud emails grow, with more innovative ways and techniques. The big challenge with these attacks is that the changing domains, the nature of the wording and even the hiding of malicious pages behind captchas make it extremely difficult, if not impossible, for technological offerings such as email gateways to effectively protect against them.

Therefore, user awareness and training will remain the most effective and important step in protecting enterprises against such phishing attacks.

Other controls that can help minimise the impact of compromised credentials include multi-factor authentication and having good monitoring controls in place that can detect and raise alerts wherever suspicious activity is detected.

Stuart Sharp, VP of Solution Engineering
November 18, 2019 2:26 pm

While a creative campaign, this type of attack is nothing new. Organisations are able to protect against attacks like these by enforcing multi-factor authentication (MFA) within their corporate environments. Administrative accounts should be protected using strong MFA, such as hardware tokens or on-device biometrics, to protect against more sophisticated OTP attacks. These solutions are currently the best methods by which organisations can protect themselves from such attacks, with MFA proven to prevent 99.9% of account takeovers.
