Security Holes in Microsoft Emails: What This Means for Your Business

Microsoft 365 is used by over one million companies worldwide, making it one of the most commonly used cloud productivity suites on the market. While it may be a popular option, it is also the primary target of cybercriminals. According to the FBI, over the past seven years, Business Email Compromise (BEC) has been responsible for more financial losses in cybercrime than any other attack method.

Data from a Barracuda Networks report shows that in 2021, 1 in 5 organizations experienced at least one account compromise in Microsoft 365. Since cybercrime is running rampant, especially among people working from home, it’s important to be aware of the risks of using Microsoft 365 and to put measures in place to keep your data safe.

Our expert team at CMIT Solutions has put together a guide on common Microsoft 365 security holes and how you can avoid them.

Common Microsoft 365 Security Holes

Bypassing the Multi-factor Authentication

Multi-factor authentication (MFA) is a security feature that is built into all editions of Microsoft 365. Cybercriminals commonly bypass it because legacy protocols such as IMAP/POP3 don’t support MFA. An attacker can get past MFA when you fail to restrict legacy authentication or, worse, when you don’t enable MFA for all your users.

To help prevent this, it is critical to know when MFA is disabled on your Microsoft 365 account.
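One way to spot these gaps is to review exported sign-in logs for legacy-protocol and single-factor sign-ins. The following is an added example, not part of the original article; the field names follow the Microsoft Graph sign-in log schema, and the records and example.com users are constructed sample data.

```python
import json
from collections import defaultdict

# clientAppUsed values the sign-in log reports for legacy protocols,
# which cannot prompt for a second factor.
LEGACY_CLIENTS = {"IMAP4", "POP3", "Authenticated SMTP", "Exchange ActiveSync"}
BLOCKED_BY_POLICY = 53003  # sign-in stopped by a Conditional Access policy


def _rec(user, client, requirement, code):
    """Build one constructed record shaped like an exported sign-in log entry."""
    return {"userPrincipalName": user, "clientAppUsed": client,
            "authenticationRequirement": requirement,
            "status": {"errorCode": code}}


# Constructed sample data (not real log output).
SAMPLE_LOG = json.dumps([
    _rec("alice@example.com", "Browser", "multiFactorAuthentication", 0),
    _rec("bob@example.com", "IMAP4", "singleFactorAuthentication", 0),
    _rec("bob@example.com", "IMAP4", "singleFactorAuthentication", 50126),
    _rec("carol@example.com", "POP3", "singleFactorAuthentication", 53003),
    _rec("dave@example.com", "Browser", "singleFactorAuthentication", 0),
])


def find_mfa_gaps(raw_json):
    """Return {user: sorted findings} for sign-ins that were not held to MFA."""
    findings = defaultdict(set)
    for rec in json.loads(raw_json):
        user = rec.get("userPrincipalName", "<unknown>").lower()
        client = rec.get("clientAppUsed", "")
        code = rec.get("status", {}).get("errorCode")
        legacy = client in LEGACY_CLIENTS
        if legacy and code == BLOCKED_BY_POLICY:
            continue  # legacy authentication is being blocked as intended
        if legacy and code == 0:
            findings[user].add(f"legacy sign-in succeeded via {client}")
        elif legacy:
            # Failed for another reason (e.g. bad password): endpoint still open.
            findings[user].add(f"legacy endpoint reachable via {client}")
        elif code == 0 and rec.get("authenticationRequirement") == "singleFactorAuthentication":
            findings[user].add("modern sign-in required only a single factor")
    return {user: sorted(items) for user, items in findings.items()}


if __name__ == "__main__":
    for user, items in sorted(find_mfa_gaps(SAMPLE_LOG).items()):
        for item in items:
            print(f"{user}: {item}")
```

A legacy sign-in that fails on the password rather than on policy still shows that the protocol is reachable, which is why it is reported separately from a successful one.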

Privilege Escalation

This is a common technique in which threat actors attempt to elevate their permissions, mainly to domain administrator, so they can carry out attacks. They typically use legitimate tools that are already present in the environment, which lets them evade detection by many commonly used antivirus and endpoint detection and response products. Threat actors will use a scheduled task, which is a built-in Windows functionality, to help them escalate their privileges.

We recommend creating an inbox rule or external email forwarding rule to help you detect suspicious activity.

Macros

Macros are automated sequences that imitate mouse actions or keystrokes. They are used to replace a set of repeated tasks within Word or Office. Cybercriminals embed malicious macros into these applications, which allows them to take over programs and automatically run commands.

Phishing

Phishing occurs when a cybercriminal sends emails that are disguised as coming from a legitimate company to try and obtain personal information. Microsoft is one brand that is commonly impersonated in phishing.

This is often one of the first attempts a threat actor will make to gain access to an environment. A phishing email will often prompt you to click on a malicious attachment or link that will run a command, execute code, or give them consent to access your mailbox.

While Microsoft 365 has an email protection feature, it will only protect to a certain extent, so it is crucial to have additional email security in place to protect your data.

Data Exfiltration

Attackers are now able to exploit a built-in Microsoft application called Power Automate to exfiltrate data and emails. When exploited, this application allows cybercriminals to automate workflows that exfiltrate your data from other applications such as OneDrive.

This attack can have a major financial impact on your business while devastating your reputation and company trust.

Top Tips for Ensuring Email Security

It’s important to note that Microsoft has its own security settings that can provide you with basic security at no additional cost, but for stronger protection, we recommend the following:

Employee Education

Since many email-based attacks are designed to try and trick you into providing information or clicking on a malicious link, it’s crucial to educate your employees and train them on how to recognize phishing emails. They should also be instructed to report any suspected attacks to help you manage your cybersecurity risks.

Anti-Phishing Solutions

You can also deploy anti-phishing measures that are able to identify any red flags that could indicate potential phishing emails and block this malicious content from the user’s inbox. These solutions help you minimize the risk of employees accidentally clicking on a malicious link.

Safe Browsing Solutions

Phishing emails will often attempt to prompt users to click on malicious links that direct them to a phishing site. With safe browsing solutions, URLs will be filtered, blocking users from visiting any bad URLs or sites with phishing content.

Data Loss Prevention

As mentioned above, cybercriminals are often trying to use phishing campaigns through email so they can steal and exfiltrate sensitive information and data. With data loss prevention solutions, you can work to prevent these attacks by inspecting any outgoing emails from your employees for sensitive content.

Cybersecurity Services for Pittsburgh Businesses at CMIT Solutions

Our team of cyber security experts can help you implement a variety of solutions to protect your data and your business. Contact us today to learn more!
