In this episode of The Cybersecurity Insider podcast, host Yigal Behar talks about a real case study where Microsoft Office 365 was breached. He explains how the attackers got in, changed emails, and almost stole money. He covers how the attack happened, pointing out the weak spots and tricks the hackers used.
He also gives useful tips for businesses and users on how to make their Office 365 safer. He encourages the need for strong passwords, using special apps for extra security, and watching closely for anything strange happening with their accounts.
Learn more details about the Office 365 breach below.
Incident Response Case Study Involving Office 365
A customer’s Office 365 email system was infiltrated by attackers who sent an email pretending to request a $30,000 invoice for consulting services. The email appeared legit and included the signature of the person who would normally approve such invoices. The invoice slipped through the customer’s PO system undetected.
Ultimately, the owner of the company discovered the fraudulent invoice, but only after it had passed through the normal approval process. The owner doesn’t recognize the consulting services and refuses to sign the check. Questions are asked and they discover someone accessed an email account to send a PDF attachment. The attackers used the web portal to access the employee’s email.
How the Attackers Got In
Yigal examines how the attackers got in to begin with, suspecting they needed the email account’s credentials. He suggests the information was likely found publicly, but needs further investigation. The company had enabled two-factor authentication (2FA) using SMS, but Behar recommends changing the authentication method.
He shows on screen the Microsoft Authenticator. He recommends using it instead of SMS for 2FA, as he believes someone may be intercepting the SMS codes. This would allow attackers to bypass the authentication, even with the initial password.
How to Reduce Risk Using Microsoft Authenticator
Microsoft Authenticator is a free app that provides an extra layer of security when signing in to online accounts. It’s available for iOS and Android devices. You can use it in three ways:
- Verification Code: If you forget your password, the app generates a verification code you can use to sign in.
- Two-Factor Authentication (2FA): After entering your password, the app provides a one-time code for additional security.
- Passwordless Sign-In: For supported accounts, you can sign in by approving a notification on your phone.
Yigal explains that they’ve switched to using Microsoft Authenticator and haven’t seen any suspicious login attempts since. They continue to actively monitor login attempts for the Office 365 account to ensure that no one logs in from impossible travel locations.
He points out that one indicator of account misuse is if someone logs in from two locations simultaneously that are a significant travel distance apart. This suggests someone else is using the account. By using the aforementioned security measures, the issue was resolved quickly. Yigal caps off his case study by recommending that listeners enable 2FA using an app, and avoid using SMS authentication.Tune in to The Cybersecurity Insider podcast, your trusted source for the latest news, expert insights, and practical security advice to protect yourself and your business. We’re also available on all major platforms, including YouTube, Apple Podcasts, and Spotify, making it easy to listen and learn on your preferred device.
This time I’m reviewing a security incident related to Microsoft Office 365 and how we helped this customer navigate the breach, contain it and finally block it.
