Brute-force attacks launched by cyber-criminals can allow them to compromise corporate e-mail systems such as Office365.
Research carried out by security firm Proofpoint shows how cyber-criminals can infiltrate enterprise e-mail systems and access sensitive corporate e-mails by carrying out brute-force attacks, even if such e-mail systems have single sign-on or multi-factor authentication in place.
"It only takes one compromised Microsoft Office 365 account to unlock access to a virtual goldmine of confidential data and access—and we have seen a major increase in organisations losing both money and data to these attacks," said Ryan Kalember, senior vice president of Cybersecurity Strategy for Proofpoint.
"Once an attacker compromises a trusted account, they can read a user’s email, look at their calendar, and launch internal phishing email attempts from a trusted account."
According to Kalember, e-mail systems that support multi-factor authentication are also being targeted by cyber-criminals, who exploit interfaces that do not support strong authentication in most deployments, such as Exchange Web Services and ActiveSync.
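Defenders can look for this pattern in sign-in logs. The following is an added example, not code from Proofpoint or the original article: it flags accounts with repeated failed sign-ins over the two interfaces named above and notes whether a success followed the failures. The record fields, the threshold and the sample events are constructed assumptions.

```python
from collections import defaultdict

# Interfaces the article names as lacking strong authentication in most
# deployments. The labels follow Azure AD "client app" naming; adjust them
# to whatever your log source emits (assumption).
LEGACY_CLIENTS = {"Exchange Web Services", "Exchange ActiveSync"}

# Constructed sample sign-in records (not real data); field names are hypothetical.
SAMPLE_EVENTS = (
    [{"user": "alice@example.com", "client": "Exchange Web Services",
      "ip": f"203.0.113.{i}", "ok": False} for i in range(1, 7)]
    + [{"user": "alice@example.com", "client": "Exchange Web Services",
        "ip": "203.0.113.9", "ok": True},
       {"user": "bob@example.com", "client": "Browser",
        "ip": "198.51.100.4", "ok": False},
       {"user": "bob@example.com", "client": "Browser",
        "ip": "198.51.100.4", "ok": True},
       {"user": "carol@example.com", "client": "Exchange ActiveSync",
        "ip": "192.0.2.10", "ok": False}]
)

def flag_legacy_bruteforce(events, min_failures=5):
    """Return {user: finding} for accounts with repeated failed sign-ins
    over legacy interfaces. Events must be in chronological order."""
    stats = defaultdict(lambda: {"failures": 0, "ips": set(),
                                 "success_after_failures": False})
    for ev in events:
        if ev["client"] not in LEGACY_CLIENTS:
            continue  # only the legacy interfaces are in scope here
        s = stats[ev["user"]]
        if not ev["ok"]:
            s["failures"] += 1
            s["ips"].add(ev["ip"])
        elif s["failures"] >= min_failures:
            # A success after a burst of failures suggests a guessed password.
            s["success_after_failures"] = True
    return {u: s for u, s in stats.items() if s["failures"] >= min_failures}

if __name__ == "__main__":
    for user, f in flag_legacy_bruteforce(SAMPLE_EVENTS).items():
        print(user, f["failures"], len(f["ips"]), f["success_after_failures"])
```

An account flagged with `success_after_failures` set is the one to review first, since the sign-in succeeded on an interface where multi-factor authentication was not enforced.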