Attackers are Using Google and O365 to Exploit your Remote Workforce

Since the beginning of the pandemic, millions of employees shifted to work from home mode. While remote work is not a new idea, it’s the rapid, massive shift that has left many organizations feeling more vulnerable about their cybersecurity posture. One particularly noteworthy trend is the increasing use of Office 365 and Google Workspace in cyberattacks. According to a recent report from the Identity Theft Resource Center (ITRC), cybercriminals are now exploiting the Google and Microsoft tools that so many remote teams count on. Targeting campaigns include Google Workspace, Forms and Docs and Microsoft 365’s tools. Cybercriminals see organizations’ increasing dependency on cloud applications, and are doubling down on their efforts to exploit human error and gain access to sensitive data.

Exploiting Our Confidence in Commonly Used Tools

According to Chris Morales, head of security Analytics at Vectra AI, the work from home paradigm has accelerated this trend, and user account takeover in M365 is the most effective way for a hacker to move laterally inside the network. Attacks look like legitimate M365 services and exploit the trust that most users have in these tools, and as with most attacks, employees are the weak link.

What are these attackers doing without the user’s knowledge?

  • Searching through emails and files for data and passwords
  • Setting up forwarding rules to see email without signing in
  • Planting malicious links that allow attackers to steal data and hold it for ransom

This trend is accelerating as attackers exploit human behavior to gain entry. Small to medium Size businesses (SMBs) are particularly vulnerable as the attacks target poor user behaviors around logins and passwords.

Steps to Take Now

  • Create an extra level with Multi-Factor Authentication (MFA). Even if one employee has their credentials stolen, MFA can make it difficult to get to others.
  • Educate employees on how to routinely check the sender of the email; laptops will show the full address for all email senders.
  • Train employees regularly on how to spot a phishing attack. Share examples and visuals of the latest attack efforts so they know what to look for. Be specific about how an attacker can lull them into clicking a malicious link.
  • Remind employees that if they believe they might have already clicked a suspicious link, to report it immediately so it can be contained. Unreported breaches can allow attackers to move unhindered through the network.

Looking to test your defenses or to improve your security posture? Contact Radiant Resources and let us help you build cyber resilience to grow with confidence.