Skip to main content

Corporate email servers remain hackers' favorite target

Hacker
(Image credit: Shutterstock)

Attacks against Microsoft 365 Exchange Online systems is the number one threat for businesses of all sizes, according to a new report.  

Conducted by cybersecurity company Vectra AI, the research identifies the top ten threats that impacted its customers across Microsoft 365 and Microsoft's cloud-based identity and access management (IAM) solution, Azure Active Directory (AD).

Vectra tracked the top threats across small, medium, and large businesses to find any correlations between the threats and the size of the business. It calculated the relative frequency of threat detections that were triggered during a three-month period.

TechRadar needs you!

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window<<

Regardless of the size of the business, threats against Exchange Online were at or near the top for all of them, which Vectra argues may indicate that attackers are constantly trying to manipulate Exchange to gain access to specific data or further attack progression.

Detection similarities

From its research, Vectra discovered that larger businesses triggered less number of detections.

“This general trend of larger companies triggering fewer detections when compared to smaller companies tells us that the large companies’ users and administrators may perform Office 365 and Azure AD activity more consistently compared to smaller organizations,” suggests Vectra.

The research also revealed that Azure AD suspicious operations, which might be an indication of attackers trying to escalate privileges to perform admin-level tasks, are the next most common threat for small and medium-sized businesses. Surprisingly, this threat doesn’t feature in the top ten threat for large businesses.

Vectra suggests that a number of these threat detections represent activities that provide ease of use, collaboration with external parties, and provisioning of administrative access to the Azure AD environment, which also provides means for attackers to compromise the service.