{"id":7920,"date":"2022-12-19T17:05:07","date_gmt":"2022-12-19T17:05:07","guid":{"rendered":"https:\/\/amtivo.com\/uk\/standards\/\/\/what-are-the-threats-to-microsoft-365-and-can-they-be-countered\/"},"modified":"2025-12-15T16:18:02","modified_gmt":"2025-12-15T16:18:02","slug":"what-are-the-threats-to-microsoft-365-and-can-they-be-countered","status":"publish","type":"standard-post-filter","link":"https:\/\/amtivo.com\/uk\/standards\/iso-27001\/insights\/what-are-the-threats-to-microsoft-365-and-can-they-be-countered\/","title":{"rendered":"Cyber Security Threats to MS 365 and How To Reduce Risks"},"content":{"rendered":"<p><em>It\u2019s hard to imagine that a single person reading this won\u2019t have used Microsoft 365 (formerly Office 365) or its desktop predecessor Microsoft Office at some point in their working lives. <\/em><\/p>\r\n<p>According to <a href=\"https:\/\/office365itpros.com\/2022\/04\/28\/office-365-number-of-users\/\" target=\"_blank\" rel=\"noopener\">one estimate<\/a>, the online suite now has around 320 million licensed users, a figure that has grown substantially during the pandemic as companies embraced remote working. That makes Microsoft 365 the most ubiquitous software-as-a-service (SaaS) business application in the world, with the result that it has become a prime target for cyber criminals looking to find a way behind defences. To attackers, Microsoft 365 is like a menu of possibilities, encompassing Office, Excel, Outlook, Teams, SharePoint, and OneNote.<\/p>\r\n<p>That\u2019s a lot to aim at, and aim they do in a way that doesn\u2019t always get the attention it deserves. Let\u2019s consider the various motivations for targeting Microsoft 365 as well as a few of the techniques they use to do this.<\/p>\r\n<h2>Credential Theft and Account Takeover<\/h2>\r\n<p>Microsoft 365 credentials are a powerful commodity because they allow attackers to do anything an employee has permission to do, which is often a lot. 
And remember, we\u2019re not talking about lots of credentials \u2013 even a single account can be used to build a bridgehead inside a target. Once they\u2019ve grabbed the user\u2019s privileges, attackers can send emails or malware to business contacts to execute business email compromise (see below) or siphon off data. <em>Solution:<\/em> Multi-factor authentication (MFA) across all accounts while also limiting privileges.<\/p>\r\n<h2>Email Phishing<\/h2>\r\n<p>And how do attackers get hold of credentials? In most cases, using a targeted phishing attack. It sounds incredibly basic, but sending an employee a spoofed email, Teams meeting notification, SharePoint file sharing request, or OneNote request exploits the obvious fact that employees receive a stream of these communications all the time and are therefore more likely to be caught off guard. <em>Solution:<\/em> Configure settings in Exchange Online Protection (EOP), for example turning on warnings about unauthenticated senders.<\/p>\r\n<h2>Azure Static Web Apps Phishing<\/h2>\r\n<p>In recent months attackers have started <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/phishing-uses-azure-static-web-pages-to-impersonate-microsoft\/\" target=\"_blank\" rel=\"noopener\">abusing<\/a> the Azure Static Web Apps developer service in sophisticated phishing attacks. Normally, this service is an integration tool for developers deploying apps to Azure from GitHub or Azure DevOps, but criminals spotted that users might assume it is a trusted domain, complete with a Microsoft-issued certificate, which makes it useful for phishing attacks. <em>Solution:<\/em> so far, nothing specific beyond the usual warnings not to trust emails.<\/p>\r\n<h2>MFA Bypass Phishing<\/h2>\r\n<p>Using multifactor authentication (MFA) on user accounts greatly reduces the chance of being phished but it doesn\u2019t remove it completely. 
An increasingly popular technique to attempt to bypass MFA is something called consent phishing, which exploits the ability of third-party apps to gain access to a user\u2019s account using the OAuth protocol. The user is persuaded to download a malicious app that looks genuine, which then logs and manipulates the user into granting permissions. <em>Solution:<\/em> Microsoft <a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/07\/14\/microsoft-delivers-comprehensive-solution-to-battle-rise-in-consent-phishing-emails\/\" target=\"_blank\" rel=\"noopener\">claims<\/a> Azure\u2019s security controls can be configured to restrict non-verified apps.<\/p>\r\n<h2>Invoice Fraud<\/h2>\r\n<p>BEC often plays second fiddle to ransomware in media reports these days but it\u2019s still a major worry. According to MDR services provider Expel, attempted BEC represented <a href=\"https:\/\/www.google.com\/url?sa=t&amp;rct=j&amp;q=&amp;esrc=s&amp;source=web&amp;cd=&amp;cad=rja&amp;uact=8&amp;ved=2ahUKEwjSkeKj1_P5AhXPUMAKHQ8WDywQFnoECBEQAQ&amp;url=https%3A%2F%2Fexpel.com%2Fwp-content%2Fuploads%2F2022%2F05%2FExpel-QTR-051822.pdf&amp;usg=AOvVaw3G_JpAZNsJHKPDTyQuXmxT\" target=\"_blank\" rel=\"noopener\">57% of all incidents<\/a> investigated by its security teams during the first quarter of 2022. Although not all BEC attacks exploit stolen credentials, this type of internal access always increases the chance of an attack succeeding. <em>Solution: <\/em>additional account and customer verification procedures.<\/p>\r\n<h2>Cloud Ransomware Attacks<\/h2>\r\n<p>Organizations store a lot of data on SharePoint and OneDrive, so it follows that attackers will go after these resources too. Thanks to versioning (saving possibly unlimited numbers of older versions of a given document) this isn\u2019t as straightforward as it would be on a desktop computer because attackers must encrypt all versions to deny access to the data. 
However, according to security company Proofpoint, criminals are already looking for ways <a href=\"https:\/\/www.proofpoint.com\/us\/blog\/cloud-security\/proofpoint-discovers-potentially-dangerous-microsoft-office-365-functionality\" target=\"_blank\" rel=\"noopener\">around this<\/a>. <em>Solution<\/em>: ensuring files are saved on endpoints or using a separate backup and recovery system.<\/p>\r\n<h2>Conclusion: Are Microsoft&#8217;s 365 Controls Enough?<\/h2>\r\n<p>The direction of travel here is clear \u2013 Microsoft 365, including the Business Basic version sold to SMEs, is now being researched by researchers for its attack potential. It\u2019s not clear that the implications of this have sunk in yet, perhaps because defenders have become more preoccupied with specific attacks such as ransomware. Interestingly, Expel\u2019s recent quarterly <a href=\"https:\/\/www.google.com\/url?sa=t&amp;rct=j&amp;q=&amp;esrc=s&amp;source=web&amp;cd=&amp;cad=rja&amp;uact=8&amp;ved=2ahUKEwjSkeKj1_P5AhXPUMAKHQ8WDywQFnoECBEQAQ&amp;url=https%3A%2F%2Fexpel.com%2Fwp-content%2Fuploads%2F2022%2F05%2FExpel-QTR-051822.pdf&amp;usg=AOvVaw3G_JpAZNsJHKPDTyQuXmxT\" target=\"_blank\" rel=\"noopener\">threat reports<\/a> found barely any similar attacks on Google Workspace. Presumably, that will change in time as that platform expands but it\u2019s an interesting observation.<\/p>\r\n<p>Microsoft offers a suite of native security layers, principally Microsoft 365 Defender, which a lot of SMEs find themselves relying on. 
Third-party vendors are always pushing the idea that these controls are lacking but arguably a bigger issue is simply the learning curve and complex pricing options that must be navigated to configure Microsoft\u2019s 365 security.<\/p>\r\n<p>For SMEs, the best option is to take careful advice from a third-party service provider with experience of configuring Microsoft 365 security and not rely on Microsoft\u2019s promises alone.<\/p>","protected":false},"excerpt":{"rendered":"It\u2019s hard to imagine that a person reading this won\u2019t have used Microsoft 365 or its desktop predecessor Microsoft Office.","protected":false},"author":24,"featured_media":7466,"template":"","meta":{"_acf_changed":false,"_searchwp_excluded":"","footnotes":""},"standard-post-categories":[31],"standard-post-tags":[91],"class_list":["post-7920","standard-post-filter","type-standard-post-filter","status-publish","has-post-thumbnail","hentry","standard-post-categories-insights","standard-post-tags-iso-27001"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>What are the Threats to Microsoft 365 and how to Avoid Them<\/title>\n<meta name=\"description\" content=\"Microsoft 365 now has around 320 million licensed users, a figure that has grown substantially during the pandemic as companies embraced remote working.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/amtivo.com\/uk\/standards\/iso-27001\/insights\/what-are-the-threats-to-microsoft-365-and-can-they-be-countered\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cyber Security Threats to MS 365 and How To Reduce Risks\" \/>\n<meta property=\"og:description\" content=\"Microsoft 365 now 
has around 320 million licensed users, a figure that has grown substantially during the pandemic as companies embraced remote working.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/amtivo.com\/uk\/standards\/iso-27001\/insights\/what-are-the-threats-to-microsoft-365-and-can-they-be-countered\/\" \/>\n<meta property=\"og:site_name\" content=\"Amtivo UK\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-15T16:18:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/amtivo.com\/uk\/wp-content\/uploads\/sites\/20\/2025\/10\/focused-man-working-with-laptop-2022-09-23-21-40-22-utc.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"627\" \/>\n\t<meta property=\"og:image:height\" content=\"418\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/amtivo.com\/uk\/wp-content\/uploads\/sites\/20\/2025\/04\/testimonialImage-placeholder.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"What are the Threats to Microsoft 365 and how to Avoid Them","description":"Microsoft 365 now has around 320 million licensed users, a figure that has grown substantially during the pandemic as companies embraced remote working.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/amtivo.com\/uk\/standards\/iso-27001\/insights\/what-are-the-threats-to-microsoft-365-and-can-they-be-countered\/","og_locale":"en_GB","og_type":"article","og_title":"Cyber Security Threats to MS 365 and How To Reduce Risks","og_description":"Microsoft 365 now has around 320 million licensed users, a figure that has grown substantially during the pandemic as companies embraced remote working.","og_url":"https:\/\/amtivo.com\/uk\/standards\/iso-27001\/insights\/what-are-the-threats-to-microsoft-365-and-can-they-be-countered\/","og_site_name":"Amtivo UK","article_modified_time":"2025-12-15T16:18:02+00:00","og_image":[{"width":627,"height":418,"url":"https:\/\/amtivo.com\/uk\/wp-content\/uploads\/sites\/20\/2025\/10\/focused-man-working-with-laptop-2022-09-23-21-40-22-utc.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_image":"https:\/\/amtivo.com\/uk\/wp-content\/uploads\/sites\/20\/2025\/04\/testimonialImage-placeholder.jpg","twitter_misc":{"Estimated reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/amtivo.com\/uk\/standards\/iso-27001\/insights\/what-are-the-threats-to-microsoft-365-and-can-they-be-countered\/","url":"https:\/\/amtivo.com\/uk\/standards\/iso-27001\/insights\/what-are-the-threats-to-microsoft-365-and-can-they-be-countered\/","name":"What are the Threats to Microsoft 365 and how to Avoid 
Them","isPartOf":{"@id":"https:\/\/amtivo.com\/uk\/#website"},"primaryImageOfPage":{"@id":"https:\/\/amtivo.com\/uk\/standards\/iso-27001\/insights\/what-are-the-threats-to-microsoft-365-and-can-they-be-countered\/#primaryimage"},"image":{"@id":"https:\/\/amtivo.com\/uk\/standards\/iso-27001\/insights\/what-are-the-threats-to-microsoft-365-and-can-they-be-countered\/#primaryimage"},"thumbnailUrl":"https:\/\/amtivo.com\/uk\/wp-content\/uploads\/sites\/20\/2025\/10\/focused-man-working-with-laptop-2022-09-23-21-40-22-utc.jpg","datePublished":"2022-12-19T17:05:07+00:00","dateModified":"2025-12-15T16:18:02+00:00","description":"Microsoft 365 now has around 320 million licensed users, a figure that has grown substantially during the pandemic as companies embraced remote working.","breadcrumb":{"@id":"https:\/\/amtivo.com\/uk\/standards\/iso-27001\/insights\/what-are-the-threats-to-microsoft-365-and-can-they-be-countered\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/amtivo.com\/uk\/standards\/iso-27001\/insights\/what-are-the-threats-to-microsoft-365-and-can-they-be-countered\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/amtivo.com\/uk\/standards\/iso-27001\/insights\/what-are-the-threats-to-microsoft-365-and-can-they-be-countered\/#primaryimage","url":"https:\/\/amtivo.com\/uk\/wp-content\/uploads\/sites\/20\/2025\/10\/focused-man-working-with-laptop-2022-09-23-21-40-22-utc.jpg","contentUrl":"https:\/\/amtivo.com\/uk\/wp-content\/uploads\/sites\/20\/2025\/10\/focused-man-working-with-laptop-2022-09-23-21-40-22-utc.jpg","width":627,"height":418,"caption":"What are the threats to Microsoft 365 and can they be 
countered?"},{"@type":"BreadcrumbList","@id":"https:\/\/amtivo.com\/uk\/standards\/iso-27001\/insights\/what-are-the-threats-to-microsoft-365-and-can-they-be-countered\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/amtivo.com\/uk\/"},{"@type":"ListItem","position":2,"name":"Standards","item":"https:\/\/amtivo.com\/uk\/standards\/"},{"@type":"ListItem","position":3,"name":"ISO 27001","item":"https:\/\/amtivo.com\/uk\/standards\/iso-27001\/"},{"@type":"ListItem","position":4,"name":"Insights","item":"https:\/\/amtivo.com\/uk\/standards\/insights\/"},{"@type":"ListItem","position":5,"name":"Cyber Security Threats to MS 365 and How To Reduce Risks"}]},{"@type":"WebSite","@id":"https:\/\/amtivo.com\/uk\/#website","url":"https:\/\/amtivo.com\/uk\/","name":"Amtivo","description":"","publisher":{"@id":"https:\/\/amtivo.com\/uk\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/amtivo.com\/uk\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/amtivo.com\/uk\/#organization","name":"Amtivo","url":"https:\/\/amtivo.com\/uk\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/amtivo.com\/uk\/#\/schema\/logo\/image\/","url":"https:\/\/amtivo.com\/uk\/wp-content\/uploads\/sites\/20\/2025\/10\/cropped-BAB-Amtivo-Joint-Logo-Updated-300ppi.png","contentUrl":"https:\/\/amtivo.com\/uk\/wp-content\/uploads\/sites\/20\/2025\/10\/cropped-BAB-Amtivo-Joint-Logo-Updated-300ppi.png","width":371,"height":203,"caption":"Amtivo"},"image":{"@id":"https:\/\/amtivo.com\/uk\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/standard-post-filter\/7920","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/standard-post-filter"}]
,"about":[{"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/types\/standard-post-filter"}],"author":[{"embeddable":true,"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/users\/24"}],"version-history":[{"count":1,"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/standard-post-filter\/7920\/revisions"}],"predecessor-version":[{"id":7934,"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/standard-post-filter\/7920\/revisions\/7934"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/media\/7466"}],"wp:attachment":[{"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/media?parent=7920"}],"wp:term":[{"taxonomy":"standard-post-categories","embeddable":true,"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/standard-post-categories?post=7920"},{"taxonomy":"standard-post-tags","embeddable":true,"href":"https:\/\/amtivo.com\/uk\/wp-json\/wp\/v2\/standard-post-tags?post=7920"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}