Outlook attack steals massive number of passwords
Large organisations could be at risk: researchers have uncovered advanced malware that infects an organisation's Outlook Web Application (OWA) mail server and, over an extended period of time, can steal almost all of its email passwords.
Cybereason also detailed how the hackers managed to gain a foothold in such a highly strategic asset:
"Almost by definition, OWA requires organizations to define a relatively lax set of restrictions; and in this case, OWA was configured in a way that allowed Internet-facing access to the server. This enabled the hackers to establish persistent control over the entire organization's environment without being detected for a period of several months."
An OWA server is a particularly valuable resource for attackers because it acts as an intermediary between the public Internet and resources inside a company’s firewall. Because the company was using OWA to enable remote user access to Outlook, the attackers were able to access the company’s domain credentials. Although Cybereason didn’t say how widespread the attack is beyond the one company it targeted, malware as elaborate as this is unlikely to be a one-off, so it wouldn’t be surprising to see it resurface.
Are you worried about such an event happening to your company? Our Managed Services Solutions can help you defend against such an attack. Talk to our sales team for more info.