Hackers have launched brute force attacks against nearly 50 Microsoft Office 365 customers so far this year, according to Skyhigh Networks, a cloud access security broker (CASB) that detected and helped to mitigate the cyberattacks.
According to a Skyhigh statement released today, the company's cloud platform:
"detected and defended against a ‘slow-and-low’ pattern of coordinated attacks on high-value targets, including more than 100,000 failed Office 365 logins from 67 IP addresses and 12 networks. The attempts all came from instances hosted on cloud service platforms and targeted 48 different organizations. The duration and measured pace of the attacks suggest a determined effort and the desire to avoid detection. Within each organization, the attackers targeted a small number of senior employees across multiple departments."
Brute force attacks typically involve automated systems that repeatedly guess the user names and passwords for specific applications or services. Skyhigh's platform detected and defended against the attack by correlating Office 365 API login data across employees and customers, the company says.
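The kind of cross-customer correlation described above can be sketched as follows; this is an added example, not Skyhigh's code or part of the original article. The event fields, thresholds, tenant names and IP addresses are all constructed assumptions. It shows a paced campaign staying under a per-tenant rate rule while standing out once failures are grouped by source across tenants.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed events: (timestamp, tenant, user, source_ip, success)."""
    start, events = datetime(2024, 1, 1), []
    for i in range(12):  # one try per tenant every 6 hours for ~3 days
        ts = start + timedelta(hours=6 * i)
        for tenant in ("tenant-a", "tenant-b", "tenant-c", "tenant-d"):
            user = f"{('cfo', 'cto')[i % 2]}@{tenant}.example"
            events.append((ts, tenant, user, "203.0.113.10", False))
    bob, bob_ip = "bob@tenant-a.example", "198.51.100.7"
    for m in (0, 2, 4):  # benign user mistyping a password, then succeeding
        events.append((start + timedelta(minutes=m), "tenant-a", bob, bob_ip, False))
    events.append((start + timedelta(minutes=6), "tenant-a", bob, bob_ip, True))
    return events

def per_tenant_alerts(events, max_failures_per_hour=5):
    """Single-tenant rule: (tenant, ip) pairs exceeding an hourly failure cap."""
    buckets = defaultdict(int)
    for ts, tenant, _user, ip, ok in events:
        if not ok:
            hour = ts.replace(minute=0, second=0, microsecond=0)
            buckets[(tenant, ip, hour)] += 1
    return {(t, ip) for (t, ip, _h), n in buckets.items() if n > max_failures_per_hour}

def cross_tenant_sources(events, min_tenants=3, max_users_per_tenant=5,
                         min_span=timedelta(days=1)):
    """Flag IPs failing logins in many tenants, on few accounts each, over a long span."""
    seen = defaultdict(lambda: {"tenants": defaultdict(set), "times": []})
    for ts, tenant, user, ip, ok in events:
        if not ok:
            seen[ip]["tenants"][tenant].add(user)
            seen[ip]["times"].append(ts)
    flagged = {}
    for ip, s in seen.items():
        narrow = all(len(u) <= max_users_per_tenant for u in s["tenants"].values())
        long_running = max(s["times"]) - min(s["times"]) >= min_span
        if len(s["tenants"]) >= min_tenants and narrow and long_running:
            flagged[ip] = sorted(s["tenants"])
    return flagged

if __name__ == "__main__":
    sample = build_sample()
    print("per-tenant alerts:", per_tenant_alerts(sample))
    print("cross-tenant sources:", cross_tenant_sources(sample))
```
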
It's unclear if these were relatively isolated incidents, or if Office 365 customers outside of Skyhigh's installed base also experienced the attacks. MSSP Alert has reached out to Microsoft to learn whether the company has witnessed an overall jump in brute force attacks against Office 365 this year.
Skyhigh and Office 365 Security
Back at Skyhigh, the company's Threat Protection feature analyzes cloud-user activity with cross-tenant machine learning algorithms to identify correlated anomalous behavior indicative of persistent threats that would have otherwise flown under the radar, the company added.
Skyhigh brought the attacks to the attention of targeted customers and has been working to help clients audit all cloud services in use, enforce secure login policies and provide a comprehensive picture of threat intelligence across cloud environments, the company indicated.
Skyhigh's flagship offering is a Cloud Access Security Broker (CASB) platform, which bolsters cloud services access to address security, compliance and governance requirements. Roughly 600 customers worldwide leverage the platform.