Microsoft 365 provides a valuable suite of productivity tools, including cloud-based collaboration apps and artificial intelligence features, as well as key Office 365 tools like Word, Excel, and PowerPoint. Microsoft has long been a dominant player in the software market, and the pandemic-driven shift to hybrid working has further reinforced this trend: around 145 million users now log into Microsoft Teams every day.
The power, convenience, and ubiquity of apps in Microsoft 365 leads many organizations to ignore significant security vulnerabilities associated with their broad reliance on the popular platform.
Microsoft 365 security issues
As is often the case, the feature that is one of the greatest strengths of Microsoft’s business productivity suite is also a source of vulnerability. Since the package offers so many different features, many organizations practically operate on the platform, which amplifies the associated risks.
Consider cloud apps from Microsoft. The industry-wide shortage of skilled IT specialists has led many companies to adopt cloud-based versions of Word, Excel and other applications. Cloud-based applications free IT staff from configuring individual user devices and worrying about whether users are installing updates and security patches quickly.
On the other hand, if a hacker manages to break into one Microsoft application, they may be able to access highly sensitive corporate or customer data in many additional applications. The potential harm is far greater than for breaches of completely separate applications hosted on user devices or organization networks.
A recent report detailing the ways cybercriminals are exploiting Microsoft Teams to launch widespread attacks against enterprise users is a case in point.
Cybersecurity firm Avanan has observed malicious actors launching multi-pronged attacks through Microsoft Teams. Using compromised Teams credentials, they can eavesdrop on organizational and cross-organizational discussions and gather confidential information. Or they could insert a malicious executable into a conversation, as Teams performs minimal, if any, scanning of files and URLs. When a chat participant opens the file, malware can write data to the Windows registry or install DLL files, allowing attackers to break into the system. And once inside, they can see – and neutralize – any defenses in use.
Video meetings are just as risky because, like chat, users tend to assume that “official” business communication tools are secure. As long as they know the participants (or believe they know them), few users hesitate to share information or click on a file.
With access to OneDrive or Sharepoint – again, with stolen credentials – cybercriminals can download malware that can spread to the corporate cloud, infecting users’ devices as well as storage in the cloud.
For many cybercriminals, obtaining Office365 credentials is not a huge challenge. Users regularly connect to open networks, where keyloggers can hide. New, carefully crafted social engineering and spear-phishing techniques are capable of fooling even reasonably sophisticated users. And in the increasingly specialized world of cybercrime, front-end access brokers sell access to particular companies’ networks to other cybercriminals, who carry out snooping or ransomware attacks.
Browser vulnerabilities represent an additional weakness for Microsoft products. Microsoft Edge is based on Google’s Chromium, which has been plagued by numerous Zero Day exploits. Any vulnerability in Chromium will also make Edge vulnerable.
Tools to secure Microsoft 365
Safely deploying cloud-based infrastructure requires the use of cloud-specific cybersecurity, such as ZTEdge Cloud Access Security Broker (CASB).
While most cloud platforms, including Microsoft 365, provide the ability to restrict access to certain IP addresses, with many users working from home and other remote locations, including public networks, the IP-based security is impractical or simply impossible to implement.
With ZTEdge CASB, user access to cloud-based applications is granted through the ZTEdge Web Security tenant. The Web Security tenant allows users to log in using a dedicated personal IP address, regardless of the network they are on or the device they are using. Only users logging in from the correct IP address can enter their credentials on the Microsoft 365 portal: for other users, the portal will simply appear dark.
Once a user has authenticated, granular policies restrict access to only the applications and resources they need for their job. Policies can control, for example, which directories they can access and which file sizes and types they can upload, download, print, or share. Data Loss Prevention (DLP) policies can also be implemented to protect sensitive personal or financial information, based on standard PII formats or custom data based on regular expressions.
Remote Browser Isolation (RBI)
RBI protects against zero-day exploits that have become all too common in Edge and other Chromium-based browsers. It protects against malicious links embedded in emails, documents, video meetings or team chats, by opening websites in isolated cloud-based containers. Only a stream of secure content reaches the endpoint browser, where users interact as they normally would with native, but risky, web code. To prevent credential theft, RBI opens suspected phishing sites in read-only mode.
Protection of infected files
ZTEdge Remote Browser Isolation (RBI) includes Disarm and Content Reconstruction (CDR) features to block malware embedded in militarized files. Files transmitted by email, downloaded from websites, or attached to team chats or video meetings are reviewed in an isolated container in the cloud. Malware hidden in weaponized files is removed and files are rebuilt before they can be opened by the user, saved to Sharepoint or OneDrive, or downloaded to endpoints.
Virtual Meeting Isolation
ZTEdge Virtual Meeting Isolation is the only RBI solution available that protects against threats delivered through Microsoft Team Meetings. Links and files shared via video chats are opened in an isolated container in the cloud. Any malware is removed from files attached via CDR, and links in chats, only secure render data is sent to users’ browsers. IP addresses of meeting participants’ endpoints are masked to hide them from hackers looking for entry. Granular policy controls limit what users can share via chats, view using screen shares, or record.
Microsoft 365 is a valuable and comprehensive business productivity tool. Moving to a cloud-based implementation can ease the workload on understaffed IT teams, but it can lead to a host of cybersecurity vulnerabilities.
The best way to protect against known vulnerabilities in cloud-based productivity platforms such as Microsoft 365 is to use a comprehensive Zero Trust-based solution such as ZTEdge Secure Access Service Edge. ZTEdge is specifically designed to meet the needs of medium and small businesses that need Zero Trust protection, but don’t have a large cybersecurity staff to set up and manage a piecemeal, multi-vendor solution.
The post Securing your organization against attacks targeting Microsoft 365 vulnerabilities appeared first on Ericom’s blog.
*** This is a syndicated Ericom Blog Security Bloggers Network blog written by GERRY GREALISH. Read the original post at: https://blog.ericom.com/securing-your-organization-from-attacks-targeting-microsoft-365-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=securing-your-organization-from -attacks -targeting-microsoft-365-vulnerabilities