Microsoft warns of hacking attacks on Office 365

Microsoft has reported that hackers have taken aim at Office 365 users, but mainly defense contractors, which could raise security concerns.

According to the Redmond-based giant, hackers are targeting U.S., European and Israeli defense companies, including those that manufacture military radars, drones, satellite systems and emergency communications systems, as well as ports and international shipping concerns with a presence in the Middle East. According to Microsoft, the attacks lead to Iran and are carried out on a password-guessingwhich is a systematic attempt to gain passwords by guessing them.

So far, the hackers have attempted 250 targets, but by target, they mean entire organizations and companies, not individuals, of which fewer than 20 attacks have been successful. The Microsoft Threat Intelligence Center (MSTIC) calls this hacking group DEV-0343 and reports that it first came across its trail in July of this year and has since begun tracking its activities. The corporation assumes it’s a group with ties to the Iranian government that aims to obtain data on foreign security and transportation systems.

Gaining access to commercial satellite imagery and proprietary plans and delivery records could help Iran offset its own growing satellite program

Microsoft’s blog reads.

As a result, Microsoft traditionally advises great caution not to make things easy for hackers, as the form of attack they choose is heavily dependent on the strength of our password. – They typically target tens to hundreds of accounts within an organization, depending on size, trying tens to thousands of times with each account. On average, between 150 and 1000+ unique proxy IP addresses from the Tor network are used to attack each organization, explains Microsoft.

Attackers try to obtain a user’s email address and then spend hours or even days trying to crack the password by typing in more possibilities – if it’s a strong one, such as from a password manager, the chances of success are slim, but a large proportion of users still use very simple and common passwords or combinations that can be easily deduced from a name, date of birth or email address alone. What’s more, enabling multi-step verification also seems to spoil their plans, because even if they guess the password, the need to confirm it with a one-time code sent to the phone number will be unbearable for them.

Microsoft’s warnings are also a great opportunity to remind us once again to take proper care of our online safety, because although this attack is aimed at specific companies, in another case the target could be our personal data. And since nowadays we use the Internet not only for information and entertainment, but also for professional purposes or online banking, the consequences of such an attack can be serious. That is why you should remember about multi-step verification, strong passwords (the best is to use special password password managerswhich offer difficult to crack random combinations) and a different password for each of the services that require login.

Like this post? Please share to your friends:
Mobile Pedia