Securing Microsoft O365 Against the Latest Threats
25 September 2020
Most recently, the UK’s cybercrime agency, the National Cyber Security Centre (NCSC), uncovered 7,796* different forms of phishing emails linked to Covid-19. As well as exploiting concerns over the pandemic, attackers have turned their efforts on home workers as people adapt to new ways of working. Because a breach can rapidly escalate into an ICO-reportable incident with credibility, cost, and time at risk, it is good practice to test and check Office 365 environments so that problems are spotted before serious damage can be done.
This latest blog looks at some of these common threats and offers guidance on how to protect and future-proof your Office 365 estate during this critical time.
DocuSign Phishing Scam
Electronic contracts have been crucial for organisations during the lockdown – so, naturally, cyber criminals have attempted to exploit this. Here is an example of a prolific phishing template currently circulating, aimed at getting users to click on the content and download malicious software.
The scam is pretty simple: it comes in the form of a mock-up of a DocuSign email asking the recipient to follow a link to review the document. Once the recipient clicks the link, they are sent to a bogus site where they hand over their login details. Despite – or perhaps because of – the simplicity of the scam, it’s very hard to detect.
In many cases, it is near impossible to distinguish a phishing email from a legitimate email. Without the correct configuration, display names can easily be spoofed, which creates a false sense of security for users who check the ‘from’ field in their email client.
Office 365 User Privileges
80% of SaaS breaches involve the exploitation of privileged permissions. Naturally, administrators have the highest privileges, so in O365, the user's identity must be treated as the security perimeter. Therefore, it’s best practice to enable MFA/2FA and adopt a zero-trust policy within your environment.
Office 365 Logging and Auditing
O365 collects millions of bits of information on even the smallest activities. However, these data points exist for a very brief time and far too few are ever used for data protection or forensics. These logs can provide huge value to your business in the way of maintaining regulatory compliance, business efficiency and supplementing your security intelligence and development.
The main investment for any attacker is their time. Making your data as unobtainable as possible may force hackers to move on to an easier target. GCI is offering a Microsoft Office 365 Security Health Check to customers looking to maintain a secure way of utilising O365 services. The Health Check includes a series of practical checks including forensic analysis to identify any evidence of suspicious activity and potential breach of your Office 365 estate.
This service includes:
- User log-in location checks
- ‘Impossible’ travel scenarios for user logins
- Successful logins from known malicious IP addresses
- Successful logins from known malicious user agents
- Mail forwarding rules analysis
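One way to implement the ‘impossible’ travel check from the list above, as an added example that is not GCI's tooling or part of the original post. The record field names, the 900 km/h speed limit and the 100 km minimum distance are assumptions, the sample sign-ins are constructed, and the IP addresses are assumed to have been geolocated already.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumption: roughly airliner cruising speed
MIN_KM = 100.0   # assumption: below this, treat the move as geo-IP jitter

# Constructed sample sign-ins; field names are hypothetical, not an O365 export schema.
SIGNINS = [
    {"user": "alice@example.com", "time": "2020-09-21T08:02:00", "lat": 51.5074, "lon": -0.1278, "ip": "198.51.100.10"},  # London
    {"user": "alice@example.com", "time": "2020-09-21T09:10:00", "lat": 40.7128, "lon": -74.0060, "ip": "203.0.113.77"},  # New York
    {"user": "bob@example.com", "time": "2020-09-21T08:00:00", "lat": 53.4808, "lon": -2.2426, "ip": "198.51.100.20"},    # Manchester
    {"user": "bob@example.com", "time": "2020-09-21T12:30:00", "lat": 51.5074, "lon": -0.1278, "ip": "198.51.100.21"},    # London
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(signins, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Flag consecutive sign-ins per user whose implied travel speed exceeds max_kmh."""
    by_user = {}
    for s in signins:
        by_user.setdefault(s["user"], []).append(s)
    findings = []
    for user, events in by_user.items():
        ordered = sorted(events, key=lambda e: datetime.fromisoformat(e["time"]))
        for prev, cur in zip(ordered, ordered[1:]):
            km = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            if km < min_km:
                continue
            delta = datetime.fromisoformat(cur["time"]) - datetime.fromisoformat(prev["time"])
            hours = delta.total_seconds() / 3600
            # Simultaneous sign-ins from distant places have no finite speed: always flag.
            kmh = round(km / hours) if hours > 0 else None
            if kmh is None or kmh > max_kmh:
                findings.append({"user": user, "from_ip": prev["ip"],
                                 "to_ip": cur["ip"], "km": round(km), "kmh": kmh})
    return findings

if __name__ == "__main__":
    for finding in impossible_travel(SIGNINS):
        print(finding)
```

Findings from this check are leads for review, not proof of compromise: VPN or proxy egress points and geo-IP errors produce the same pattern for legitimate users.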