Live hacking in Office 365 (Video)! Don't get hooked!



Hi Team! 

For all of you who have the same discussions with customers about security in Microsoft Office 365, I created a video to prove how easy it is to attack your Office 365 credentials and how to get access to your data:

 

Whenever I'm in discussions with customers about the security of Microsoft Office 365 and why they should back up cloud data, one of their “arguments” is that Microsoft Office 365 is super secure. And to keep it short – yes, that's true!
But today I will not cover a backup-focused topic! Let's concentrate on the customers' argument.

Have you ever asked yourself: What if someone got your login credentials (also with MFA!) and can access all of your Office 365 data?
To be honest, my first thought was surely almost the same as what you are thinking right now: CMOOOOON, that's a miracle! That kind of hacker only exists in movies!

What is better than telling customers how easy it is to hack their environment? Correct! Show them how easy it is!
So I started researching how I can build my own Office 365 hacking (or rather phishing) demo environment – and finally… it runs like a charm

I'm a fan of actions instead of a thousand words, so I created a live recording for you (and your employees):

 

 

I hope you enjoyed the video. I think we will do more recordings in future (any feedback appreciated).

The problem with phishing is that there is no security issue on the provider's side! We created a perfect copy of a provider's webpage and are waiting for some victims to fool. And as soon as we phish some credentials, we are able to log in with their account and use their address book, their contacts, their data etc.

Hackers will use the smallest security-gap to get into your network.
In our case they can answer your emails from your colleagues or customers. They can write e-mails to your admins under your name and access internal data. They can read your attachments and files in OneDrive or on your SharePoint.

It's just the first step into your environment. And for sure all your data can be deleted or encrypted!
Imagine how fast some “phishing love” can be shared under your name!

AND THAT'S WHY BACKUP IS ABSOLUTELY NECESSARY!!!

I really hope I could raise your awareness! Feel free to share the video and this post to protect you and your company!

Feel free to contact us if you have any questions or feedback!


2 comments


Very interesting. Thanks, Bene.


Thanks for creating this demo; bookmarked it. The cloud isn't magically more secure than on-premises environments; in fact, access to cloud data is much easier. So one should never forget to secure and back up that data in the same way as you would with traditional services.
