By Dave Waterson, CEO, SentryBay
The Office 365 suite is used by millions of organisations across the globe, allowing users to access their files from anywhere, from multiple devices and importantly, empowering collaboration. But as employers and employees settle in for long-term remote working practices, Office 365 becomes even more of a prime target for cyber-attacks.
Sensitive organisational data moves across the Office 365 suite in huge volumes as it makes its way into corporate clouds, so it is little surprise that malicious actors aim to breach accounts through phishing attacks so they can extract valuable information. An example is the recent attack warned against by the Australian Prime Minister. To prevent this, many organisations have focused on protecting data transmission to safeguard data that is transmitted to, and stored in, the cloud.
In recent months, however, the landscape has changed. Employees who would previously have been working within the security of the corporate perimeter are now at home, or otherwise remote from the office. The transition happened so fast that many employers were unable to ensure that the endpoints and devices their workers were using to connect to the network were adequately protected, leaving an open door for cybercriminals.
This has played a major part in the rise of cyberattacks over the last few months. In a survey carried out by SentryBay amongst 1550 people working from home at the end of April, 42% had already received suspicious emails and 18% had tackled an actual security breach since lockdown began. The survey also found that 79% had been given additional software or security to protect their endpoint devices; yet with the rise of polymorphic malware, obfuscation and stealth techniques, standard anti-virus solutions are no longer sufficient to stem the tide.
Biggest endpoint threats
The most virulent threats to endpoints come from keylogging and screen capture. Once keylogging malware penetrates the device, it records the keys pressed to log in (within an Office 365 application or on a website, for example) and sends them to the attacker's server. Screen-capture malware is pre-configured to take a shot of the screen every few seconds. Anything displayed on the screen, from financial data in an Excel file, to a new product presentation in PowerPoint, to sensitive personnel information in Word, is then visible to the attacker.
Given that remote working is likely to continue for the foreseeable future, organisations now need to think carefully about how they combat the threat of attacks on endpoint devices and vulnerabilities in Office 365 installations.
Deploying a secure wrap
First, they should deploy specific protections to securely wrap Office 365 and guard against all kernel-level keylogging, which is the most dangerous form of keylogging attack. This protection should not rely on identifying the keylogger, but should work proactively against all present and future keylogging threats, out of the box and without the need for regular signature updates.
They can put in place safeguards to prevent screen grabbing of Microsoft Word, Outlook, Excel and PowerPoint installations, while allowing the user to continue using collaborative tools such as GoToMeeting, Google Hangouts and TeamViewer.
It is also vital to check the integrity of Office 365 log-on credentials in real time, at the moment the user logs on, against known stolen credentials, and to take appropriate action in the event of a match.
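One way to implement such a check without ever sending the password off the endpoint is a k-anonymity lookup: hash the password locally, send only the first five hex characters of the hash to the breached-credential service, and compare the returned suffixes locally. The following is an added example (not SentryBay's code); the breach corpus, its counts and the names check_credential and logon_decision are constructed for illustration, and the "force_reset on any match" policy is an assumed one.

```python
import hashlib
from typing import Callable, Dict, Tuple

def _sha1_upper(password: str) -> str:
    """SHA-1 of the password as upper-case hex, the form used by range-style services."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def _build_corpus(leaked: Dict[str, int]) -> Dict[str, str]:
    """Constructed stand-in for a breached-password service.

    Keyed by the 5-char hash prefix; each value mimics a 'range' response:
    one '<remaining 35 hex chars>:<times seen>' line per known hash.
    """
    buckets: Dict[str, list] = {}
    for pw, count in leaked.items():
        h = _sha1_upper(pw)
        buckets.setdefault(h[:5], []).append(f"{h[5:]}:{count}")
    return {prefix: "\r\n".join(lines) for prefix, lines in buckets.items()}

# Constructed sample corpus; the counts are illustrative, not real breach data.
LEAKED_CORPUS = _build_corpus({"password": 3861493, "Summer2020!": 42, "letmein": 211})

def _local_lookup(prefix: str) -> str:
    return LEAKED_CORPUS.get(prefix, "")

def check_credential(password: str,
                     lookup: Callable[[str], str] = _local_lookup) -> Tuple[bool, int]:
    """Return (compromised, times_seen). Only the 5-char prefix reaches the lookup."""
    digest = _sha1_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in lookup(prefix).splitlines():
        if not line:
            continue
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return True, int(count)
    return False, 0

def logon_decision(password: str) -> str:
    """Assumed policy: any match with a known stolen credential forces a reset."""
    compromised, _ = check_credential(password)
    return "force_reset" if compromised else "allow"
```

In production the lookup function would call the real service over TLS and the decision would feed the identity provider's conditional-access step, but the privacy property is the same: the full password hash never leaves the endpoint.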
Organisations should ensure that, as well as preventing keylogging and screen-capture malware, the solution protects against man-in-the-middle and man-in-the-browser (MITM/MITB) attacks and DLL injection, ensures process integrity, and prevents RDP double-hopping, all of which can compromise the security of the data flow in the corporate cloud ecosystem.
Most importantly, at a time of heightened cybersecurity threat, the stringent strategies usually employed to protect the corporate network need to be extended to encompass employees and their endpoints, however they are accessing cloud data. This has to be an end-to-end approach that seals off any possible gaps. For organisations that also need to meet compliance requirements (such as PCI, GDPR, HIPAA, etc.), security solutions that protect endpoints are fast becoming one of the most urgent areas to address.