Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Threat Actors Take Advantage of Exchange Online and Outlook on the Web with New Levels of Sophistication

    threat actors online outlookNew insight from Accenture Security highlights specific ways attackers are changing their tactics to make Microsoft’s email platform a tool rather than an obstacle for phishing attacks.

    We all tend to think of our email platform as something that helps create a more secure environment four our networks. But new disturbing information found in Accenture’s 2020 Cyber Threatscape Report shows that, in the wild, parts of Microsoft Exchange (and Exchange Online), as well as Outlook Web Access are being used as part of sophisticated phishing campaigns:

    • Threat groups like Belugasturgeon are hiding within Exchange traffic to obfuscate both command relays and data exfiltration
    • Hackers are attempting to gain access to Exchange servers responsible for the Client Access Server role to deploy web shells that facilitate the harvesting of credentials during an Outlook on the Web session.
    • Belugasturgeon even went as far as to register one of their pieces of code as a Microsoft Exchange Transport Agent (reputable transport agents include antivirus, mail filtering, etc.) so that they could gain access to email passing through Exchange and be able to create, modify, or delete messages.

    This level of sophistication makes it clear that the bad guys are willing to do whatever it takes to gain access to your credentials and email.

    While the means to mitigate the issues mentioned above likely revolves around keeping any Exchange systems you still manage up to date with patching, it’s still important that users be vigilant around any abnormal communications issues – emails not being received by an intended recipient or not receiving an email from an external party could both be signs that, (assuming the user in question is involved with either a financial aspect of the organization, intellectual property, customer data, or employee information) a bad guy could be messing with your email conversations and inserting themselves in a case of business email compromise.

     

    Return To KnowBe4 Security Blog

    Get Your CEO Fraud Prevention Manual

    CEO-Fraud-Prevention-Manual-WP-FannedCEO fraud has ruined the careers of many executives and loyal employees, causing over $26 billion in losses. Don’t be the next victim. This manual provides a thorough overview of how executives are compromised, how to prevent such an attack and what to do if you become a victim.

    Get Your Manual

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://info.knowbe4.com/ceo-fraud-prevention-manual

    Topics: Phishing, CEO Fraud, Email Security

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews