Office 365 Account Takeovers

Lookout Coverage and Recommendation for Admins

Lookout admins can implement Lookout CASB in addition to Lookout Mobile Endpoint Security to secure their organization against this surge in attacks. Doing to will enable them to monitor third-party applications connected to cloud services such as Office 365 and distinguish between legitimate and malicious activity. Requiring that mobile security be installed before accessing Office 365 is a key policy to be implemented.

Admins can also define context-aware adaptive access control policies to deliver Zero Trust access. Finally, leveraging enterprise digital rights management (E-DRM) will automatically envelop data with advanced encryption based on its sensitivity.

Overview

Recently, there has been a notable surge in Microsoft Office 365 account takeover attacks. This surge comes as no surprise as organizations have fully embraced the collaborative cloud-based services that Office 365 offers. With a more highly distributed workforce, organizations have lost control and visibility into access and behavior within these services as employees use a mix of managed and unmanaged endpoints to access them.

‍

Lookout Analysis

At the same time, the expanded remote workforce has also increased organizations’ threat surface in the cloud, with a greater concentration of remote attacks and breaches on the Office 365 collaboration services. Threat actors are leveraging social engineering as part of greater phishing campaigns to steal login credentials, enter corporate infrastructure, and steal sensitive data. Since the Office 365 suite enables teams to collaborate on everything from strategy to company finances, attackers know a successful account takeover grant them access to valuable data.