Hackers Target Office 365 Administrators
Security experts are warning Office 365 administrators to be on the lookout after a phishing campaign began persistently targeting this group.
PhishLabs said it saw the malicious emails being sent from legitimate domains belonging to organisations across a wide range of industries.
PhishLabs said administrators were singled out for several reasons, explaining:
“Office 365 admins have administrative control over all email accounts on a domain. Depending on the current configuration of the Office 365 instance, a compromised admin account may enable retrieval of user emails, or complete takeover of other email accounts on the domain.
“In addition, Office 365 admins often have elevated privileges on other systems within an organisation, potentially allowing further compromises to take place via password reset attempts or abusing single-sign-on systems.”
Once an administrator account has been compromised, the criminals get to work creating new accounts inside the victim organisation's Office 365 tenant. Those accounts are then used to send further phishing emails, which appear legitimate because they originate from the organisation's own domain.
“This is beneficial for attackers because many email filtering solutions leverage the reputation of a sender domain as a major component of determining whether to block an email.
“Well established domains with a track record of sending benign messages are less likely to be quickly blocked by these systems. This increases the deliverability and efficiency of phishing lures.”
By sending Microsoft-style emails from these newly created accounts, the attackers stay under the radar and continue to phish unsuspecting users.
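One check a defender can run for the behaviour described above is to correlate account creation with outbound mail: a freshly created account that immediately mails many external recipients is the pattern an attacker leaves after setting up new mailboxes in a compromised tenant. The following is an added example written for this article, not code from PhishLabs or the article's author. The records are constructed, and the field names (Operation, UserId, ObjectId, CreationTime, SenderAddress, RecipientAddress, Received) are an assumed approximation of Office 365 unified audit log and message trace exports, not the authoritative schema; adapt them to what your tenant actually returns.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records for illustration only (not real tenant data).
# Field names approximate unified audit log / message trace exports and are
# an assumption, not the authoritative Microsoft schema.
AUDIT_RECORDS = [
    {"CreationTime": "2019-12-02T09:14:00", "Operation": "Add user.",
     "UserId": "admin@contoso.example", "ObjectId": "it-notice@contoso.example"},
    {"CreationTime": "2019-12-02T09:16:00", "Operation": "Add user.",
     "UserId": "admin@contoso.example", "ObjectId": "newhire@contoso.example"},
    {"CreationTime": "2018-03-10T11:00:00", "Operation": "Add user.",
     "UserId": "admin@contoso.example", "ObjectId": "alice@contoso.example"},
]

MESSAGE_TRACE = (
    # a brand-new account mailing a lure to many outside organisations
    [{"Received": "2019-12-03T08:00:00", "SenderAddress": "it-notice@contoso.example",
      "RecipientAddress": f"user{i}@victim{i}.example"} for i in range(8)]
    # a long-standing account that also mails externally, which is normal
    + [{"Received": "2019-12-03T10:00:00", "SenderAddress": "alice@contoso.example",
        "RecipientAddress": f"partner{i}@supplier.example"} for i in range(8)]
    # a new account that only sent one internal mail
    + [{"Received": "2019-12-03T09:00:00", "SenderAddress": "newhire@contoso.example",
        "RecipientAddress": "alice@contoso.example"}]
)

# Reference time for the constructed data (an assumption, like the data).
NOW = datetime(2019, 12, 4)


def new_accounts(audit_records, now, max_age_days=7):
    """Map each account created within max_age_days of `now` to who created it."""
    cutoff = now - timedelta(days=max_age_days)
    created = {}
    for rec in audit_records:
        if rec["Operation"] != "Add user.":
            continue
        when = datetime.fromisoformat(rec["CreationTime"])
        if when >= cutoff:
            created[rec["ObjectId"].lower()] = {
                "created_by": rec["UserId"], "created_at": when}
    return created


def find_suspicious_new_senders(audit_records, message_trace, tenant_domain, now,
                                max_age_days=7, min_external_recipients=5):
    """Flag recently created accounts that have mailed many distinct external
    recipients, and report which admin account created them (the likely
    compromised admin an incident responder should pivot to next)."""
    created = new_accounts(audit_records, now, max_age_days)
    external = defaultdict(set)
    for row in message_trace:
        sender = row["SenderAddress"].lower()
        if sender not in created:
            continue  # established accounts are out of scope for this check
        rcpt = row["RecipientAddress"].lower()
        if rcpt.rsplit("@", 1)[-1] != tenant_domain.lower():
            external[sender].add(rcpt)
    hits = []
    for sender, rcpts in external.items():
        if len(rcpts) >= min_external_recipients:
            hits.append({
                "account": sender,
                "created_by": created[sender]["created_by"],
                "created_at": created[sender]["created_at"].isoformat(),
                "external_recipients": len(rcpts),
            })
    return sorted(hits, key=lambda h: h["external_recipients"], reverse=True)


if __name__ == "__main__":
    for hit in find_suspicious_new_senders(AUDIT_RECORDS, MESSAGE_TRACE,
                                           "contoso.example", NOW):
        print(hit)
```

Only the freshly created it-notice account is flagged; the long-standing account that mails suppliers and the new account that sent one internal message are not, which keeps the check focused on the specific post-compromise pattern rather than on external mail in general. Tune the age window and recipient threshold to the tenant's normal onboarding behaviour.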