Investigators tracking financial fraud are always told to follow the money trail to find the perpetrators. Cyber fraud investigators are now learning to follow the data to do exactly the same thing. More and more organisations are moving their data to the cloud, and where the data goes the hackers follow.
Without doubt the most widely used cloud-based application on the enterprise software market is the Windows Office 365 e-mail, storage and collaboration tool. There are now more than 60 million businesses using Office 365 globally, with another 50,000 being added each month.
With all this data being stored in the cloud, the temptation for hackers to attack it is irresistible. If the attackers can penetrate any individual user’s Office 365 account, usually by hacking their individual password, then they can immediately access not only that user’s cloud stored data on OneDrive or SharePoint, but also shared company folders, and the e-mail system.
The hackers can then do many things including, for example, setting up a forwarding rule that sends certain messages, perhaps from a supplier, to a different external account. This could be used to intercept an invoice that is due to that supplier and then to switch a fake invoice for the real one, with new bank details to steal the payment.
There are a number of things that can be done to mitigate such an attack on Office 365, which we can help you with here at Transputec as a Microsoft accredited Gold Partner.
- The first is to enable two-factor authentication. By creating a two-step authentication process, you can strengthen your security so that only the owner of both the token and the password can log in to the Office 365 account. This will require periodic re-authentication so that the token remains secure.
- The second is to implement a requirement for complex and rotating passwords for all users. Static passwords are easier to crack than rotating ones, and if a breach has occurred then the vulnerability may be closed by a password change, if it is not already too late. Hackers may access an account and then lie dormant for a while, watching for information of value to them.
- The third is to disable forwarding rules across the company, which will make it much more difficult for the hacker to gather useful information. If these rules are vital for your company then educate your employees to conduct periodic reviews of them, to help them recognise if their account has been compromised.
- Another option we can help you with is to use Microsoft Office 365 Advanced Threat Protection. ATP is an e-mail filtering service that helps protect against unknown malware and viruses. It also has rich reporting and URL trace capabilities that give administrators insight into the kind of real-time attacks happening in your network.
- We can also help you with an upgrade to an E5 Enterprise Licence which, as well as providing additional collaboration tools, includes behaviour analysis alerting and protective actions. These range from automatic account lockouts and forced re-authentication to e-mail and geo-location login alerts. We would recommend E5 licensing for high risk employees such as executive team members and all those involved in financial transactions.
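As an added illustration of the periodic forwarding-rule review in the third point (this is not Transputec or Microsoft code), the Python example below flags rules that forward or redirect mail to addresses outside the company's own domains. The rule records, their field names and the `example.com` domain are constructed sample data.

```python
# Added example: flag inbox rules that forward mail outside the organisation.
# Rule records and field names are constructed sample data, not a real export.
INTERNAL_DOMAINS = {"example.com"}  # assumption: the company's own mail domains
FORWARDING_FIELDS = ("forward_to", "forward_as_attachment_to", "redirect_to")

SAMPLE_RULES = [  # constructed
    {"mailbox": "ap.clerk@example.com", "name": "Supplier invoices", "enabled": True,
     "forward_to": ["collector@mail.example.org"], "delete_message": True},
    {"mailbox": "pa@example.com", "name": "Copy to director", "enabled": True,
     "forward_to": ["Director@Example.com"]},
    {"mailbox": "sales@example.com", "name": "Old redirect", "enabled": False,
     "redirect_to": ["someone@old.example.org"]},
    {"mailbox": "hr@example.com", "name": "File newsletters", "enabled": True,
     "move_to_folder": "Newsletters"},
]


def domain_of(address):
    """Return the lower-cased domain part of an SMTP address."""
    return address.rsplit("@", 1)[-1].strip().lower()


def external_recipients(rule, internal_domains):
    """List every forwarding target of a rule that is outside the organisation."""
    return [address for field in FORWARDING_FIELDS
            for address in rule.get(field, [])
            if domain_of(address) not in internal_domains]


def review_rules(rules, internal_domains=INTERNAL_DOMAINS):
    """Return findings for rules that forward externally, highest severity first."""
    findings = []
    for rule in rules:
        targets = external_recipients(rule, internal_domains)
        if not targets:
            continue
        if not rule.get("enabled"):
            severity = "low"      # disabled, but still worth asking who created it
        elif rule.get("delete_message"):
            severity = "high"     # forwards and hides the original from the owner
        else:
            severity = "medium"
        findings.append({"mailbox": rule["mailbox"], "rule": rule["name"],
                         "targets": targets, "severity": severity})
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda finding: order[finding["severity"]])


if __name__ == "__main__":
    print(*review_rules(SAMPLE_RULES), sep="\n")
```

Domains are matched exactly, so a subdomain the company owns must be listed in `INTERNAL_DOMAINS` or it will be reported as external.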
It has been said that there are now only two types of company. Those who know they have been hacked and those who don’t yet realise it. The Marriott International hack, in which the details of 500 million customers have been breached through a compromise of its guest reservation database since 2014, is just the latest in a long string of similar data breaches.
Act now to protect your cloud-based data, before it is too late.
Stuart Salt
Director of Services, Transputec