What You Need To Know About Office 365 Brute Force Login Attacks

September 28th, 2018

It’s not a secret. We now live in a world where cyber criminals work day in and day out to hack into small and medium-sized businesses to make a profit. This practice has become a profession that’s quickly putting businesses in jeopardy.

Despite companies working hard to protect against these threats, hackers have developed ways to mimic user behavior as a means of gaining access to sensitive information. One of those ways is through brute force login attacks.

What is a Brute Force Login Attack?

In the tech world, a brute force email password attack is when hackers create an automated script that runs quietly in the background. The script guesses various passwords until the right one is found. The key here is that it’s a quiet program: so quiet, in fact, that software cannot detect what’s happening behind the scenes.

Office 365 has Become a Target

This type of attack has been happening at an increasing rate on all email providers, and Office 365 is no exception. That’s not to say that we don’t recommend it; in fact, it’s quite the opposite. Office 365 is one of our favorite tools and one that we highly recommend to all of our clients. It’s the growing popularity that makes Office 365 a target.

Brute Force Attacks on Office 365

On Office 365, hackers usually deploy a brute force attack in the following way:

  • Hackers scour the records of hosts to find out which businesses are using Office 365 specifically.
  • Scripts are then created to start the brute force login process, systematically and continuously guessing passwords.
  • Once in, hackers set up rules to redirect email to another account. The hackers then delete the forwarded email from the sent and deleted items, so the end user cannot tell that they’ve been hacked.
  • Another rule is then put in place that deletes all replies from your contacts. So even if someone tries to tell you that your account has been compromised, you won’t get the message.
  • The hacker monitors the account and decides when to execute further attacks.
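
As an added example (not part of the original article), the password-guessing stage of the sequence above leaves a pattern in sign-in records that can be checked for: a burst of failed logins for one account from one source, sometimes ending in a success. The event tuples, the threshold and the window are assumptions made for illustration, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed failures per window that count as guessing

# Constructed sample events: (timestamp, account, source IP, outcome).
SAMPLE_EVENTS = (
    # Five failures in five minutes, then a success from the same source.
    [(f"2018-09-20T02:0{i}:00", "ann@example.com", "203.0.113.7", "fail")
     for i in range(5)]
    + [("2018-09-20T02:05:00", "ann@example.com", "203.0.113.7", "success")]
    # An ordinary mistyped password followed by a normal login.
    + [("2018-09-20T09:00:00", "bob@example.com", "198.51.100.4", "fail"),
       ("2018-09-20T09:00:20", "bob@example.com", "198.51.100.4", "success")]
    # Six failures and no success: guessing that has not (yet) worked.
    + [(f"2018-09-20T03:0{i}:00", "cat@example.com", "203.0.113.9", "fail")
       for i in range(6)]
)


def find_guessing(events, window=WINDOW, threshold=THRESHOLD):
    """Return {(account, ip): "guessing" | "breached"} for suspicious pairs."""
    recent = defaultdict(list)  # (account, ip) -> timestamps of recent failures
    findings = {}
    for ts, account, ip, outcome in sorted(events):
        when = datetime.fromisoformat(ts)
        key = (account, ip)
        # Forget failures that have aged out of the window.
        recent[key] = [t for t in recent[key] if when - t <= window]
        if outcome == "fail":
            recent[key].append(when)
            if len(recent[key]) >= threshold:
                findings.setdefault(key, "guessing")
        else:
            # A success straight after a burst of failures is the worst case.
            if len(recent[key]) >= threshold:
                findings[key] = "breached"
            recent[key].clear()
    return findings


if __name__ == "__main__":
    for (account, ip), status in find_guessing(SAMPLE_EVENTS).items():
        print(f"{status:9} {account} from {ip}")
```

The threshold and window are tuning decisions; keying the counter on the account alone, rather than on account and source, also catches guesses that arrive from several addresses.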

Attacks don’t just involve gathering sensitive data. These attacks are especially dangerous because the hackers use your account to send emails to your personal contacts with malicious links that generally contain ransomware. Customers or partners are more likely to open the email and links sent because they’ll appear to have come from you or your business. This puts both your company’s reputation and your contacts’ businesses in jeopardy.

Why Office 365 is a Hot Target for Brute Force Attacks

Office 365 is a particularly attractive platform for hackers because it’s robust. Hackers know that businesses are able to store and manage deep business intelligence, including valuable contact and financial information. If they’re successful at breaching the security layers, the cybercriminals will now be able to access a wealth of data.

Microsoft, the developer of Office 365, knows this risk exists, which is why they go to great lengths to secure the platform. For example, the platform has customer-managed security controls, so you can customize the strength of your security layers. And, no matter what level of security you choose, Microsoft has embedded security requirements into every phase of their development, so it’s difficult to tap into your data.

Regardless of the security measures, hackers are still drawn to Office 365. It’s not ease of access, but the bounty that comes with gaining access that makes this so attractive. That’s something that Microsoft cannot protect against. The amount and sensitivity of the information stored on this platform is enough to put your business in jeopardy in the event of a security breach, unless you’ve taken the proper steps to stay protected. Here are some of those steps.

Force Your Team to Use Complex Passwords

One of the things that hackers bet on is that people will use obvious passwords, assuming a hack will never happen to them. The scripts look for patterns and test some of the most common passwords, such as 123456. By forcing your team to use complex passwords that are a minimum of 10 characters, you can help secure your entire network and protect your business from these threats.

Monitor Rules

Once a brute force attack succeeds, the hackers set up a rule to work in the background, automatically forwarding emails to another account. These rules can be set up without alerting Office 365 that the account has been breached because they’re a normal email function among business owners.

To stay protected, there are two things you can do. One option is to keep a close eye on your rules function, monitoring for any unusual forwarding rules that you and your team did not set up. The other option is to disable the forwarding function altogether. If it’s not a function you or your team uses, this is probably the best option.
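
One way to run the first option as a repeatable check, shown as an added example that is not part of the original article: audit an export of inbox rules for forwarding to outside addresses, and raise the severity when the same mailbox also has a rule that deletes messages, the pairing described earlier. The field names follow the properties returned by Exchange Online's Get-InboxRule cmdlet; the sample rules, the internal domain list and the assumption that recipients are already plain SMTP addresses are constructed for illustration.

```python
from collections import defaultdict

# Assumption: the organization's own mail domains; any other domain is external.
INTERNAL_DOMAINS = {"example.com"}
FORWARD_FIELDS = ("ForwardTo", "RedirectTo", "ForwardAsAttachmentTo")

# Constructed sample export, one dict per inbox rule. Recipients are assumed
# to have been reduced to plain SMTP addresses before this check runs.
SAMPLE_RULES = [
    {"Mailbox": "ann@example.com", "Name": "Rule 1",
     "ForwardTo": ["archive@mail.example.net"]},
    {"Mailbox": "ann@example.com", "Name": "Rule 2", "DeleteMessage": True},
    {"Mailbox": "bob@example.com", "Name": "To assistant",
     "ForwardTo": ["eve@example.com"]},
    {"Mailbox": "cat@example.com", "Name": "Newsletters",
     "MoveToFolder": "Reading"},
    {"Mailbox": "dan@example.com", "Name": "Copy to home",
     "RedirectTo": ["dan@home.example.org"]},
]


def external_targets(rule):
    """Return the rule's forwarding recipients outside INTERNAL_DOMAINS."""
    found = []
    for field in FORWARD_FIELDS:
        for address in rule.get(field) or []:
            domain = address.rsplit("@", 1)[-1].lower()
            if domain not in INTERNAL_DOMAINS:
                found.append(address)
    return found


def audit_rules(rules):
    """Map each mailbox with an external forward to (severity, recipients).

    "high" means the mailbox also has a rule that deletes messages, the
    forward-plus-delete pairing; "review" is an external forward alone.
    """
    forwards, deleters = defaultdict(list), set()
    for rule in rules:
        forwards[rule["Mailbox"]].extend(external_targets(rule))
        if rule.get("DeleteMessage"):
            deleters.add(rule["Mailbox"])
    return {
        mailbox: ("high" if mailbox in deleters else "review", targets)
        for mailbox, targets in forwards.items() if targets
    }
```

Internal forwards such as the "To assistant" rule are ignored, so the output stays short enough for someone to review every entry by hand.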

Enable Two-Factor Authentication

Another way to protect yourself is to enable two-factor authentication. This approach requires that anytime a person signs in, two steps must be taken to access the account. For example, in addition to entering a password, a person might need to type in a code that’s sent to the mobile phone on file. Adding this second layer makes it nearly impossible for the hacker to set up a brute force attack, which could derail their scheme and keep your account safe.

Deploy an Independent Third-Party Backup of Office 365

Office 365 is a robust system with a myriad of security features. But, like many software systems, adding a third party to the mix can make your account even safer. If a brute force attack happens, you can restore your business’s intelligence via a third party. This approach can help speed the repairs of any damage done, getting you back online faster.

We’re Here to Help

If you’re an Office 365 user, you could be exposed to a brute force attack without knowing anything is amiss. That’s because a brute force attack follows usage patterns similar to those of a normal business. The best thing to do to keep your SMB protected is to follow the steps above. Talk to your managed IT service provider to help determine if your account has been breached and to take the necessary precautions to stay protected.
