Quote:Threat actors are consistently leveraging legitimate services and tools from within Microsoft Office 365 to pilfer sensitive data and launch phishing, ransomware, and other attacks across corporate networks from a persistent position inside the cloud-based suite, new research has found.
 
Office 365 user account takeover – particularly during the COVID-19 pandemic with so many working from home – is one of the most effective ways for an attacker to gain a foothold in an organization’s network, said Chris Morales, head of security analytics at Vectra AI.
 
From there, attackers can move laterally to launch attacks, something that researchers observed in 96 percent of the 4 million Office 365 customers sampled between June to August 2020. The company revealed the findings of this research in a 2020 Spotlight Report, released Tuesday.
 
“We expect this trend to magnify in the months ahead,” Morales said in an email interview with Threatpost.
 
The report takes a dive into some of the most popular ways that attackers leverage Office 365 services and tools to compromise corporate networks. Indeed, Office 365 presents a wide playing field for attackers; the leading software-as-a-service (SaaS) productivity suite has more than 250 million active users each month, which has made it a historically consistent target for attacks.
 
Many of those users are currently working from home due to COVID-19 restrictions, often on networks that don’t have the same protections as the corporate cloud. This adds another aspect of accessibility for attackers, Morales said.