KnockKnock. Who’s There?  The latest attack on Office 365

The recently disclosed KnockKnock attack brings up a few key lessons on Office 365 security.

Broadly used platforms make easy targets for attackers

As the popularity of a platform rises, attackers increasingly focus on it.  In this case, the runaway success of Office 365 has drawn the focus of a botnet master, but many other malicious actors are also increasingly focused on it.  Back in the day, of course, malware was primarily written for the Windows platform, in large part because the probability of bumping into a vulnerable Windows system was quite high.  Now with the rapid movement of common business applications to the cloud, the probability of finding a vulnerable Office 365 tenant is increasingly high.  Couple that with the minuscule expense for the attacker to set up a test environment and they have a perfect setup for launching an attack.

Admin or system accounts provide entry points into an organization. 

Attackers often assume – correctly – that organizations “set and forget” these system accounts. This age-old attacker technique didn’t go away with the move to the cloud; in fact, it got easier, because by definition these admin accounts are Internet-accessible and thus easy to reach and “knock on”. And how many of you have these privileged accounts protected only with a single authentication factor – passwords?

Lateral movement leverages internal-to-internal phishing emails.

This portion of the attack is notable and increasingly common.  How many of your employees will be wary of clicking links or opening attachments in an email that literally comes from an internal sender?  And how many organizations have their cloud-based email security systems reviewing internal-to-internal emails? While it is understandable that most organizations focus their email protections on inbound emails, it is increasingly important to also focus on protecting against malicious internal emails, as internal phishing has now become a classic way a targeted email attack is spread.

The bottom line is attackers are “knocking” all around your enterprise, including your cloud-based services.  It is important to recognize this so you can improve your defenses where they are needed most.  
