Learn About New Hack Tricks Used to Bypass Microsoft Office 365 Security

Ugra Narayan Pandey, Data Security Expert
I am proudly an Indian and currently working as a Data Security Expert with SysTools.
Edited by: Andrew Leniart
Today we are going to make Microsoft clients aware of the tricks and tips cybercriminals use to bypass security in Microsoft Office 365 tenants. Read this post carefully to help you achieve an unbreakable security level in your Exchange Online accounts.

Around 10 percent of Microsoft Office 365 clients have been impacted in the last year by a phishing attack known as PhishPoint. Crooks and scammers have already used this strategy to bypass Microsoft Office 365 security, which includes Advanced Threat Protection (ATP) solutions. The bitter truth is that, because of human carelessness, phishing ideas work no matter how tightly an enterprise tries to secure the personal records of its clients or employees.

Issues In Microsoft Office 365 Security Solutions

Microsoft Office 365 is a comprehensive solution for business consumers. It benefits people with many different internet services like SharePoint Online, Exchange Online, Lync Online, and other MS Office online software like Excel, PowerPoint, Word, OneNote, and Outlook. 

Above all, Microsoft provides an artificial intelligence system embedded with machine learning technology. This AI strategy is used to defend users against phishing attacks and other threats by going one level deep to scan the links in the message body. The scanning procedure looks for any blacklisted or suspicious domains.

Warning – Always keep in mind that phishing attackers are constantly searching for a single point from which they can bypass Microsoft Office 365 security.

It was found that scammers were making full use of ZeroFont techniques to impersonate a well-known firm and trap victims into giving up personal and banking records. In May 2018, hackers were found using another advanced technique: splitting up malicious URLs. They break the URL address up in such a way that the ‘Safe Links’ security option of Office 365 is unable to detect and substitute the partial links. This clever technique leads victims to be redirected to the phishing website.

How Does Bypassing Microsoft Office 365 Security Take Place?

These issues were identified by the Microsoft team from their end, but phishing attackers have now been found using a new idea to bypass the security solutions that are built into Microsoft Office 365. The idea is to add a malicious link to SharePoint documents. It is a new phishing message campaign, uncovered on a broad scale, in which Office 365 consumers were receiving messages from Microsoft that contained a link to SharePoint documents.

The entire content of the message body seems identical to a normal SharePoint invitation from an unknown individual to collaborate. When the receiver clicks a malicious link present in this kind of invitation message, it automatically opens a SharePoint file in a new tab of their web browser. 

The SharePoint file content tends to be a standard request for data access to a OneDrive file. Now just wait for a second and open your mind broadly!! In reality, the Access Document button present on the file is hyperlinked to a malicious URL. This link redirects the target to a spoofed Microsoft Office 365 login page, which pushes the victim to enter his or her email ID and password to continue. But the reality is that these account credentials are then harvested by attackers.

What Are The Microsoft Security Solutions Present For?

Well, Microsoft's built-in security scans an email body along with the links available within it. But, with this new phishing message campaign, the organization is unable to identify the threat. With the aim of addressing such threats, Microsoft would begin scanning links present in shared documents for phishing websites.

This exposes an apparent vulnerability, which cybercriminals have taken advantage of to propagate phishing threats. Even if Microsoft security solutions were able to scan the URLs within the documents, they would still face another issue. For example – Office 365 security solutions cannot blacklist websites without blacklisting links to all the SharePoint documents. If the firm blacklisted the complete URL of the SharePoint documents, the attackers could easily create a new URL.

Worried? A Solution Still Exists!

The above scenario seems as if there are no protection methods to give notification on the new email phishing campaign. But, the truth is that it's not! Companies have to hire trained employees who are capable of detecting these kinds of phishing attempts. As per the report stated by a cloud security enterprise, it has been found that 10% of Office 365 customers were majorly affected by this new phishing threat. The organization believes that the same percentage value is applicable to all Office 365 consumers worldwide. 

Therefore, in order to stop hackers from bypassing Microsoft Office 365 security, users should ignore emails from unknown senders and avoid the opening of new URLs. In fact, we would suggest that if the subject line of an email (from an unknown sender) comprises terms like URGENT or ACTION REQUIRED then, simply ignore them. Don’t give any attention to these kinds of emails and continue with other work!

  • Ensure that you check the address bar whenever a login page displays in front of you after clicking on the URL in the email. This will help in determining whether the web address is hosted by a legitimate service or not.

  • Check that you always secure your account with two-factor authentication. This helps whenever attackers try to log in to your account with stolen credentials: they will still be blocked because they cannot get past the second authentication stage.
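
The address-bar check above, applied one level deeper to the links inside a shared document (the layer the article says email-body scanning misses), as an added example that is not from the original article or from Microsoft. The allowlist, the function names and the sample document are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: illustrative allowlist, not a complete list of Microsoft hosts.
TRUSTED_HOSTS = {"login.microsoftonline.com"}
TRUSTED_SUFFIXES = (".sharepoint.com",)

def is_trusted(url):
    """True only for https URLs whose real host is on the allowlist."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme != "https" or not host:
        return False
    return host in TRUSTED_HOSTS or host.endswith(TRUSTED_SUFFIXES)

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> in a document."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def untrusted_links(document_html):
    """Return links in a shared document that leave the trusted hosts."""
    parser = LinkCollector()
    parser.feed(document_html)
    return [(href, text) for href, text in parser.links if not is_trusted(href)]

# Constructed sample: a shared file imitating a OneDrive access request.
SAMPLE_DOC = """
<p>A file has been shared with you.</p>
<a href="https://contoso.sharepoint.com/sites/hr/policy.docx">View policy</a>
<a href="https://login.microsoftonline.com.signin.example/o365">Access Document</a>
"""

if __name__ == "__main__":
    for href, text in untrusted_links(SAMPLE_DOC):
        print(f"untrusted target behind '{text}': {href}")
```

The comparison is made on the parsed hostname, so a trusted name used as a prefix, as a lookalike suffix or in the userinfo part of the URL does not pass.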

Hackers are not majorly responsible for the threats; cloud computing users are majorly accountable. This is because once email recipients stop clicking on malicious URLs, attackers will not be able to execute their threats. This means that tenant consumers have to be more careful and conscious whenever they open emails from unknown senders (in fact, avoid them if possible).
