One of the platforms of choice for any business these days is Office365 and its related services. Whether that’s just a business using it for email, or a business that uses all the apps and telephony as well, it comes with pretty much all you need, and the way things are going, it’s all going to be cloud based with limited infrastructure on site. It makes sense: it’s more resilient for the small business, it’s available and it’s relied upon. You can access your data, emails, telephony and so on from anywhere at any time. Keep an eye out for spear phishing attacks.
One area we talk about when it comes to any cloud based system is Multi Factor Authentication (or MFA), and although nothing is ever 100%, if you don’t have it turned on, you may as well consider yourself breached. If it’s not now, it will just be a matter of time.
We have been reading reports recently of how hackers have taken advantage of the popularity of Office365 and launched a phishing campaign targeting O365 users. This in itself isn’t new, but some of the attacks are coming from compromised LinkedIn accounts, and seeing as the threat is cross platform, that should make any business sit up and listen. The main goal of these spear phishing campaigns is to get the recipient to type their Office365 credentials into the attackers’ page. The majority of the time, attackers will go the extra mile to make sure the landing page looks as close to the Office365 login page as possible.
If an employee opens the attachment that came through by email, it takes them to a fake Office365 portal, normally indistinguishable from the real thing, which prompts for their credentials.
Two domains have been found to be behind the attacks at the moment, and we recommend you add these to your blacklist for inbound emails.
iradistrbution.sofiatsola.com – The people behind this domain have taken great steps to conceal where the website was registered and more importantly where they’re currently located.
markalriedgehomes.com – linked to an address in Texas in the US.
So how can you protect your business from these phishing attacks? Well, it’s all about being vigilant and being aware. As we’ve mentioned already, the danger with this phishing attack is that it can come from a recognised email address or LinkedIn profile and so one of your employees might innocently believe it to be real.
It’s best to make them aware never to take anything at face value: if an email has an attachment, it should not be clicked on, and if for any reason it is, your IT department should be made aware and the website address scrutinised. It’s also advised that you have a strong DNS traffic filtering solution. This means that fake website domains can be more easily picked up.
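As an added illustration (not part of the original article), here is one way an IT team could apply the two-domain blacklist above to a saved email, checking the sender headers and any links in the body or attachments, including subdomains. The sample message, its addresses and the `/login` path are constructed for the example.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

BLOCKLIST = {"iradistrbution.sofiatsola.com", "markalriedgehomes.com"}  # from the article
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def is_blocked(host):
    """True if host is a blocklisted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKLIST)

def scan_message(raw):
    """Return sorted (location, host) hits for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    hits = set()
    # Sender-side headers an inbound mail filter would match on.
    for header in ("From", "Reply-To", "Return-Path"):
        host = parseaddr(str(msg.get(header, "")))[1].rpartition("@")[2].lower()
        if is_blocked(host):
            hits.add((header, host))
    # Links in the body and in text/HTML attachments (the lure is an attachment).
    for part in (p for p in msg.walk() if p.get_content_maintype() == "text"):
        where = "attachment" if part.get_filename() else "body"
        for url in URL_RE.findall(part.get_content()):
            host = urlsplit(url).hostname
            if is_blocked(host):
                hits.add((where, host))
    return sorted(hits)

# Constructed sample: trusted-looking sender, blocklisted Reply-To and attachment link.
SAMPLE = """\
From: "Known Contact" <contact@partner.example>
Reply-To: billing@markalriedgehomes.com
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please review the attached document.
--b1
Content-Type: text/html; charset="utf-8"
Content-Disposition: attachment; filename="invoice.html"

<a href="https://iradistrbution.sofiatsola.com/login">Open document</a>
--b1--
"""
print(scan_message(SAMPLE))
```

The match is on the exact domain or a dot-separated suffix, so a subdomain of a listed domain is caught while an unrelated domain that merely ends with the same letters is not.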