Ongoing Azure Compromises Target Senior Execs, Microsoft 365 Apps

February 28, 2024

By Genady Vishnevetsky

Hackers continuously try to break into Microsoft 365 applications and steal information. According to Proofpoint, a cybersecurity company, hackers have been sending phishing emails to various organizations since November 2023. These emails contain fake documents or links that trick the recipients into giving away their Microsoft 365 login credentials. Once the hackers get access to the user accounts, they can:

  • Change the user's multifactor authentication settings to bypass security checks
  • Send more phishing emails to other employees or contacts using Exchange Online
  • Steal sensitive data from Exchange, OneDrive, SharePoint and other Microsoft 365 apps
  • Create rules to delete any evidence of their actions from the user's mailbox

The adversaries attacked organizations in various regions and industries, such as healthcare, education, finance and manufacturing. The primary targets were high-level executives, including vice presidents, CFOs, presidents and CEOs. Proofpoint estimates that dozens of environments and hundreds of individual user accounts have been compromised so far.

The best way to avoid falling victim is to be vigilant and careful when opening emails and clicking on links or attachments. Here are some tips to help you spot and avoid phishing emails:

  • Check the sender's address and name. Is it someone you know and trust? Does it match the domain of the organization they claim to represent?
  • Look for spelling and grammar mistakes. Phishing emails [still in the ChatGPT era] often contain errors or awkward language that indicate they need to be more legitimate.
  • Hover over the links or attachments before clicking on them. Do they lead to the expected website or file? If not, do not click on them.
  • Use a strong and unique password for your Microsoft 365 account and change it regularly. Do not reuse the same password for other online accounts or services.
  • Enable multifactor authentication for your Microsoft 365 account and any other online accounts that support it. This adds an extra layer of security by requiring a code or a confirmation from your phone or another device when you log in.
  • Report any suspicious emails to your IT/Security team. They can help you verify the email's legitimacy and take appropriate action if it is a phishing attempt.

Genady Vishnevetsky, chair of ALTA’s Information Security Work Group, is chief information security officer for Stewart Title Guaranty Co. He can be reached at [email protected]. To view more of Vishnevetsky’s posts on the ALTA Community, click here.

Contact ALTA at 202-296-3671 or [email protected].