Office 365 accounts are targeted and compromised in account takeover (ATO) attacks, which cybercriminals later use for a variety of nefarious purposes ranging from spear-phishing and BEC attacks to malvertising campaigns.
As explained by Barracuda Networks' researchers in a
report published today, more than 1.5 million malicious and spam emails were delivered by threat actors using roughly 4,000 accounts compromised via ATO during March 2019 within a single month.
Also, while analyzing ATO attacks targeting Barracuda customers, the researchers discovered that 29 percent of the monitored organizations had their Office 365 accounts infiltrated.
Once the Office 365 accounts were successfully hacked into, the scammers added malicious mailbox rules to hide their activity and deleted the malvertising, phishing, and spam emails sent from the account in "34 percent of the nearly 4,000 compromised accounts."
Barracuda's research team found that suspicious logins originating from Chinese IP addresses were the most encountered while investigating the Office 365 ATO attacks with almost a quarter of the total number of attempts, with attackers also using servers located in Brazil (9%), Russia (7%), Netherlands (5%), and Vietnam (5%).
