Author Topic: Office365 Current Events  (Read 746 times)

0 Members and 1 Guest are viewing this topic.

Offline Mark

  • ScurvyDawg
  • *******
  • Posts: 7261
  • Karma: +613/-7
  • meh.
    • Mark Piontek
Office365 Current Events
« on: August 31, 2017, 08:10:40 am »
Quote
Office 365, Microsoft’s software-as-a-service productivity software suite popular with corporate users, is increasingly becoming attackers’ preferred way into business networks, Barracuda researchers warn.

https://www.helpnetsecurity.com/2017/08/31/office-365-account-compromise/

I know this doesn't surprise anyone, but it's interesting to think about.  Anyone using multi-factor authentication or Azure multi-factor authentication?

I'm still in the camp of wanting to host my own email server on my own network.  I like the smaller footprint, for now.
Mark Piontek, MBA
Director of IT
BS in Information Systems Security
MarkPiontek.com

Offline Jeff Golas

  • Administrator
  • Scalliwag
  • *****
  • Posts: 3028
  • Karma: +345/-0
    • JKJ Website
Re: Office365 Current Events
« Reply #1 on: August 31, 2017, 12:05:07 pm »
I keep seeing this odd "THIS IS BAD" articles, not even just IT stuff but all sorts of stuff, especially on Facebook. People that write this stuff seem like they're doing it just to justify being a writer or something.

Anyway - the topic of the article really is just about Phishing, and can (and did) happen to Google and any other major service provider, not even just Saas services. Thankfully this is one topic I really drove home while I managed our in-house email server years ago, and continue to today with additional training and occasional "tests" ;-)

The problem is a scary one though, at least today its funny that most of the phishing emails STILL have good telltale signs, but otherwise, some of them can be pretty legit looking. I think what it really may come down to, is simply disabling the clicking of ANY links in an email, although you'll have to battle the secure email platforms on that topic.
Jeff Golas
Johnson, Kendall & Johnson, Inc. :: Newtown, PA
Epic Online w/CSR24
http://www.jkj.com

Offline Mark

  • ScurvyDawg
  • *******
  • Posts: 7261
  • Karma: +613/-7
  • meh.
    • Mark Piontek
Re: Office365 Current Events
« Reply #2 on: August 31, 2017, 01:21:41 pm »
Yeah, it's definitely about phishing and no service is immune to that.  We do training on it here.

We had an interesting phish the other day that I am confident would have been pretty bad had someone fell for it.

User got a reply to an email from 2015 regarding a client we don't have anymore.  It was actually a reply to an out of office message from 2015, not even a human email.  There was a Word attachment to it.  He picked up the phone and called the sender who told him that in fact he had been "hacked" and did not send this email.

I just think that 365 is a big target, like the others that you mentioned, and might be a little more likely to fall for certain phish campaigns.  For example, with my in-house Exchange server, emails like the one mentioned in the article don't exist, and it is not normal to have to login to a web interface to do anything. Sure, there is OWA, but not to manage anything in-house.
Mark Piontek, MBA
Director of IT
BS in Information Systems Security
MarkPiontek.com

Offline Jeff Golas

  • Administrator
  • Scalliwag
  • *****
  • Posts: 3028
  • Karma: +345/-0
    • JKJ Website
Re: Office365 Current Events
« Reply #3 on: August 31, 2017, 02:24:02 pm »
I have seen examples where they were made to look like OWA. On-prem vs cloud vs whatever is a pretty wide debate; depends on what you want to focus your time doing, or what you should be doing, as well as if you deal with internal support or not. They're arguments for both sides, but I dont think phishing is any less of an issue becuase you use a platform over another. they'll find a way to get your users.
Jeff Golas
Johnson, Kendall & Johnson, Inc. :: Newtown, PA
Epic Online w/CSR24
http://www.jkj.com

Offline Mark

  • ScurvyDawg
  • *******
  • Posts: 7261
  • Karma: +613/-7
  • meh.
    • Mark Piontek
Re: Office365 Current Events
« Reply #4 on: August 31, 2017, 02:29:02 pm »
I think you and I are sort of having two different conversations.  OWA phishing is out there and I've sent tests using the same template.  But, we don't use OWA internally so no one would fall for that one here.  Tested and verified  8)
Mark Piontek, MBA
Director of IT
BS in Information Systems Security
MarkPiontek.com