
Finance teams deliberately targeted as ‘e-mail hijack attacks’ rise by 22%

25 August 2020

TWO OUT of every three UK companies (i.e. 66%) have suffered brute force attacks against Microsoft 365 accounts during the past three months. That’s up from 48% in the first quarter of 2021, according to a survey conducted by bluedog Security Monitoring.

The company reports that around 8% of all businesses surveyed suffered breaches in the second quarter as a result of the attacks. bluedog Security Monitoring has also seen a 22% rise in phishing attacks targeting the creation of apps within Azure. The business believes every company is now being targeted at least once a week by this type of attack and, in some cases, five or six times a day.

Tim Thurlings, CTO of bluedog Security Monitoring, asserts that the fraudsters are particularly targeting accounts, finance departments and credit collections teams.

“The phishing attacks trick users into going to the legitimate Microsoft login page and giving permission to create an app that allows access to files, e-mails and mailbox settings,” stated Thurlings. “They can then set up a ‘forward and delete’ rule. Any e-mails the employee sends out are automatically forwarded to the hacker who can then amend the bank account number or insert a request to change the payment details before sending on to the victim. The original e-mail is then deleted from the sender’s mailbox.”

He continued: “This attack pattern can be mitigated by regulating the access of third party integrated apps. Attackers can maintain persistent access to services through these integrated apps without relying on compromised accounts. IT teams should only allow access to necessary apps that support robust security controls. It’s also vital to enable the use of multi-factor authentication on all Microsoft 365 accounts as this will help stop brute force attacks.”

bluedog Security Monitoring observes that the rise in attacks is linked to the lockdown. “As more companies switch their employees to the Microsoft 365 system,” said Thurlings, “it’s harder to safeguard against these risks. Ultimately, companies need to use monitoring to detect where a breach has occurred. A Microsoft 365 monitoring service is a simple and low-cost solution that can be activated remotely and will spot the warning signs, such as a change of settings or permissions, such that companies can step in and block access before any real damage is done.”
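The warning signs Thurlings describes (an app consent grant followed by a forward-and-delete inbox rule) can be picked out of audit records. The example below is added here and is not bluedog’s or Microsoft’s code; the log lines are constructed to resemble unified audit log entries, and the field names and the `Consent to application.` / `New-InboxRule` operation names are assumptions about that log format.

```python
"""Flag Microsoft 365 audit events matching the app-consent and
forward-and-delete pattern, then correlate them per user."""
import json

# Constructed sample records (assumed shape: Operation, UserId, Parameters).
SAMPLE_LOG = [
    '{"Operation": "Consent to application.", "UserId": "ap@example.com",'
    ' "ObjectId": "Mail Sync Helper", "Parameters": []}',
    '{"Operation": "New-InboxRule", "UserId": "ap@example.com", "Parameters":'
    ' [{"Name": "ForwardTo", "Value": "collect@example.net"},'
    '  {"Name": "DeleteMessage", "Value": "True"}]}',
    '{"Operation": "New-InboxRule", "UserId": "bob@example.com", "Parameters":'
    ' [{"Name": "MoveToFolder", "Value": "Invoices"}]}',
    '{"Operation": "UserLoggedIn", "UserId": "bob@example.com", "Parameters": []}',
]

# Inbox rule parameters that send mail out of the mailbox (assumed names).
FORWARDING_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"}

def params(record):
    """Flatten the Parameters list into a name -> value dict."""
    return {p["Name"]: p["Value"] for p in record.get("Parameters", [])}

def classify(record):
    """Return an alert kind for a suspicious record, else None."""
    op = record.get("Operation")
    if op == "Consent to application.":
        return "app-consent"
    if op in ("New-InboxRule", "Set-InboxRule"):
        p = params(record)
        forwards = bool(FORWARDING_PARAMS & set(p))
        deletes = str(p.get("DeleteMessage", "")).lower() == "true"
        if forwards and deletes:
            return "forward-and-delete"   # the pattern described above
        if forwards:
            return "forwarding-rule"
    return None

def find_alerts(lines):
    """Parse JSON log lines and return (kind, user) tuples worth reviewing."""
    alerts = []
    for line in lines:
        rec = json.loads(line)
        kind = classify(rec)
        if kind:
            alerts.append((kind, rec["UserId"]))
    return alerts

def correlate(alerts):
    """Users who both consented to an app and gained a rule that exfiltrates mail."""
    kinds = {}
    for kind, user in alerts:
        kinds.setdefault(user, set()).add(kind)
    return {u for u, k in kinds.items()
            if "app-consent" in k and k & {"forward-and-delete", "forwarding-rule"}}
```

Running `correlate(find_alerts(SAMPLE_LOG))` on the constructed records singles out the accounts-payable user, which is the point at which an administrator would revoke the app and remove the rule.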

To prevent users in an organisation from allowing third-party apps to access their Office 365 information, and to require future consent operations to be performed by an administrator, visit the Azure Active Directory Admin Centre > Enterprise applications > User settings > Enterprise applications (https://go.microsoft.com/fwlink/?linkid=2119526).

Set the toggle “Users can consent to apps accessing company data on their behalf” to No.

Optionally, set up a process for end users to request access to third-party applications. In the Azure portal, it’s possible to configure an admin consent workflow by going to Enterprise applications > User settings (https://go.microsoft.com/fwlink/?linkid=2119526).

Under “Admin consent requests”, set “Users can request admin consent to apps they are unable to consent to” to Yes, choose your preferences for the remaining Admin consent requests options and select Save. It can take up to an hour for the feature to become enabled.