Automated attacks against popular office applications have grown more sophisticated over the past months, using variations of usernames and passwords to compromise accounts. Office 365 and Google G-Suite account for the majority of office productivity applications used by both small and large companies.
“The affected organizations are from various industries and countries, with K-12 and higher education sectors being most vulnerable. Over 13% of successful attacks were aimed at educational institutions, and 70% of all educational institutions’ tenants experienced breaches from these IMAP-based brute force attacks,” says Proofpoint.
More than 2% of user accounts were targeted, and 15 in 10,000 were successfully breached. On paper, these numbers seem low, but when you take into account that the attacks are all automated and take little effort, all businesses should be concerned.
The attackers mainly aim to leverage compromised accounts for internal phishing and BEC (Business Email Compromise) man-in-the-middle attacks. Most successful attacker logins originate from Nigerian IP addresses but are initiated by China (53%), Brazil (39%) and the United States (31%).
With IMAP the most commonly abused protocol in these attacks, the attack success rate was 44%.
Usually unprotected and unpatched devices on the internet are hijacked by nefarious players to initiate these attacks. These hijacked devices gained access to new tenants every 2.5 days on average during a 50-day period.
CloudNexus recommends that internet-connected devices be fully patched and monitored. Password strength is also a key prevention mechanism. One of the more common passphrases is the combination of a sports team and a year (e.g. Celtics84). These easy-to-guess passwords are loaded into password dictionary files and used in brute force attacks. Using the IMAP protocol effectively sidesteps automatic lockouts, which is what allows these brute force attacks to work.
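One way a defender could look for this pattern in sign-in logs, as an added example that is not from the original article or from Proofpoint. The log layout, accounts, addresses and the `min_accounts` threshold are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sign-in records (not real data): time, account, protocol, source IP, result.
SAMPLE_LOG = """\
2019-03-01T08:00:01Z,alice@example.org,IMAP,203.0.113.7,FAIL
2019-03-01T08:00:03Z,bob@example.org,IMAP,203.0.113.7,FAIL
2019-03-01T08:00:05Z,carol@example.org,IMAP,203.0.113.7,FAIL
2019-03-01T08:00:07Z,dave@example.org,IMAP,203.0.113.7,FAIL
2019-03-01T08:02:10Z,erin@example.org,IMAP,198.51.100.20,FAIL
2019-03-01T08:02:30Z,erin@example.org,IMAP,198.51.100.20,OK
2019-03-01T08:05:00Z,frank@example.org,Browser,192.0.2.50,OK
2019-03-01T09:40:12Z,carol@example.org,IMAP,203.0.113.7,OK
"""

def detect_imap_spray(log_text, min_accounts=3):
    """Flag source IPs whose IMAP failures span many accounts, plus any
    IMAP login that succeeded from one of those IPs."""
    rows = [r for r in csv.reader(io.StringIO(log_text)) if len(r) == 5]
    failed = defaultdict(set)  # source IP -> accounts with a failed IMAP login
    for _ts, user, proto, ip, result in rows:
        if proto == "IMAP" and result == "FAIL":
            failed[ip].add(user)
    # One user mistyping a password touches one account; a sprayer touches many.
    sprayers = {ip for ip, users in failed.items() if len(users) >= min_accounts}
    # A success from a flagged source is an account to review and reset.
    compromised = [(ts, user, ip) for ts, user, proto, ip, result in rows
                   if proto == "IMAP" and result == "OK" and ip in sprayers]
    return sprayers, compromised

if __name__ == "__main__":
    ips, hits = detect_imap_spray(SAMPLE_LOG)
    print("spraying sources:", sorted(ips))
    for ts, user, ip in hits:
        print(f"review account {user}: IMAP login from {ip} at {ts}")
```

Counting distinct accounts per source, rather than failures per account, is what makes this visible even when no single account ever reaches a lockout threshold.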
CloudNexus specializes in CyberSecurity management as a service. Contact us today at 502-440-1380 and schedule an in-depth network vulnerability scan for free.