Cybercriminal are targeting account login credentials of Microsoft Office 365, with its more than 100 million monthly active subscribers, to ultimately launch attacks from within organization, including financial institutions.

Cybercriminals have a long history of designing attacks to reach the largest number of eyeballs possible, according to research from Campbell, Calif.-based real-time spear phishing and cyberfraud defense firm Barracuda Sentinel. “From the early days of traditional spam, to search or trending topics on social platforms, criminals follow the users, and Office 365 has become a breeding ground for highly personalized, compelling attacks,” Asaf Cidon, spear phishing behavior expert and vice president, content security services at Barracuda, said.

Attackers prey on the inherent trust of email received from coworkers. Most individuals are almost positive it is legitimate, but unfortunately, that’s not always the case.

Barracuda Sentinel examined increasingly popular threat, Office 65 Account Compromise, within its large customer based on Office 365. They found Office 365 account compromise attackers attempt to steal user credentials to launch attacks from an internal account.

 

continue reading »