Enterprise Office 365 accounts, many belonging to high-level employees at Fortune 2000 companies, were hit with a brute-force attack in one of the earliest operationalized cloud-to-cloud business attacks, according to Skyhigh Networks, which began tracking the campaign early this year.
Skyhigh detected a pattern of organized attacks including more than 100,000 failed Office 365 logins from 67 IP addresses and 12 networks. Attackers tried logging in with different versions of employees' usernames, a sign they may have already possessed names and passwords but needed usernames for spearphishing campaigns or data access.
All login attempts came from instances hosted on cloud service platforms and targeted 48 businesses. The "slow-and-low" pace of attacks indicates threat actors were trying to stay under the radar; for each business, only a handful of senior employees were targeted. All those who were hit have been notified.
Read more details here.