Great content delivered right to your mailbox

Thank you! Check your inbox for our monthly recap!

Office 365 is one of the most powerful and widely used business software platforms available. But this popularity comes at a price—it’s also a top target for scammers and hackers, and successful office 365 attacks can lead to millions of dollars of lost revenue per year.

As a business owner or manager, you need to be aware of the latest technologies and scams that outsiders could use to access your company’s data. By understanding how these various methods work, you can better defend yourself against them.


Worried you missed a spot in your clients’ security? Take our security assessment and build your offering on the right foundation


1. Phishing

Starting this list off is phishing, the most common Office 365 attack. Essentially, an outsider impersonates a legitimate entity or individual (such as a customer support representative) in an attempt to gain the target’s trust and obtain their identifiable information—such as their Office 365 username and password—either directly or through fake links.

Scammers can provide a variety of reasons to elicit this information, ranging from something as benign as an attachment that the recipient must open to a more urgent request, such as a fake security concern prompting you to log in to your account.

Phishing also comes in a variety of forms, targeting users through emails, attachments, IMs, and more. They can also be embedded in Office 365 documents in the form of hyperlinks and macros.

Learn more about protecting yourself against Office 365 phishing attempts.

2. Cloud to Cloud

Nobody wants to hear the words “cutting-edge” and “hacker” in the same sentence. Unfortunately, hackers are just as intelligent as the security companies that try to protect your information, and they continue to find ways to break into Office 365 cloud applications.

The cloud-to-cloud approach involves executing brute force attacks on a few accounts at a time. Called a “low-and-slow” attack, it assumes that a user was careless enough to use the same password across multiple accounts, especially SaaS solutions on the Office 365 platform. By trial and error, using multiple IP addresses at a time on one account, hackers are able to breach a handful of high-value accounts over several months.

This attack can be easily avoided through existing Office 365 security solutions, such as multi-factor authentication.

3. Ransomware

Trust us when we tell you that you don’t want to ever be the victim of a ransomware attack. Ransomware is malware that infects the user’s system and encrypts all content on the hard drive. In simple terms, this means you won’t be able to open any apps, documents, or OS services—the only way to unlock the system is to pay the hackers for the key.

Back in June 2016, Office 365 was compromised by a ransomware virus that had infiltrated the communal Office 365 network by pretending to be a private Office 365 mail account. Microsoft security experts were able to prevent any further damage in a few hours, but millions of accounts were affected.

Concerned about ransomware attacks? Prevention is simple—make sure you run routine data backups with cloud solutions.

Download Our Free PowerPoint Deck!

7 Free Things You Can Do to Improve Your Office 365 Security Posture

Find out what you can be doing to better protect your Office 365 environment, why you should be taking these precautions and a step by step guide of how to implement these procedures.

Thank you! We've just sent you your deck.

4. KnockKnock

This sounds like the beginning of a classic joke, but the punch line is far from funny.

The KnockKnock botnet is different from other attacks in this list because it doesn’t target any particular user account. Rather, the attack looks for accounts that are one of the following:

  • Service accounts—for new users in large enterprises.
  • Automation accounts—created for the sole purpose of running automated tools and backups.
  • Machine accounts—used to run processes for data applications.
  • Marketing accounts—for newsletters and auto-responders.
  • Internal accounts—for group messages and distribution lists.

The trick here is that these accounts are not monitored by anyone; they have higher privileges than the average account and don’t work well with additional security systems (such as multi-factor authentication and single sign-on policies). Plus, many of these accounts have lax passwords, such as ‘password123’, to give easy access to multiple authorized personnel.

The botnet performs its namesake, knocking softly on these accounts without revealing itself or drawing attention. Once it gains access, the attack creates new inbox rules to divert emails and incoming messages before beginning to distribute phishing attacks.

5. Password spraying

Password spraying, also known as a reverse brute force attack, is a supplicated hacking tool that can circumvent most Office 365 security mechanisms.

A normal brute force attack will try to log in to a single account with millions of different combinations per second. Naturally, this is not very effective, as it requires a great deal of computational power and time to try all possible password combinations until a correct one is found. Add in Microsoft security devices that lock out attackers after a certain number of incorrect attempts, and brute force attacks have almost been defeated.

Password spraying, however, is rather clever. It involves gathering a large list of usernames (either from probing attacks, IP sniffing, or scraping social media sites like LinkedIn) and then trying to gain access to all these accounts at once with a single password (such as ‘password’ or ‘123456’). Then, the program will wait 30 seconds before trying them all again with other popular passwords. And so on.

This allows the hacker to remain undetected, avoid Office 365 account locking mechanisms, and gain access to multiple accounts at once.

Arguably the best protection against password spraying is promoting password best practices, such as the use of a strong password with a combination of letters, numbers, and punctuation.

Protect Your Data

When it comes to protecting your organization’s data, you need to be proactive—knowing the characteristics of common attacks is only the first step.

Looking for additional security? Sherweb Office Protect is a comprehensive solution that protects your Office 365 accounts against many of these attacks through sign-in monitoring, IP logging, security policy audits, and more.

Get started today to protect yourself against common Office 365 attacks.

Written by The Sherweb Team Collaborators @ Sherweb

As a value-added cloud solutions provider, Sherweb is dedicated to providing more for its partners, direct customers and extended network. The Sherweb Blog is just one example of how we make this happen, and our team members frequently collaborate on content to ensure it's as beneficial as possible for our readers. If you like what you see here, we strongly encourage you to subscribe!