Report: Analysis of Security Issues in Office 365 Phishing Attacks
Added on 2022/11/12
AI Summary
This report provides an analysis of security issues related to Office 365 phishing attacks. It begins by describing social engineering attacks using ontological components, including goals, mediums, social engineers, targets, compliance principles, and techniques. The report then discusses relevant statistics from the Verizon Data Breach Investigations Report, highlighting the prevalence of phishing and credential theft. It outlines the typical sequence of steps undertaken in phishing attacks, such as sending warning messages and requesting credentials. Finally, the report proposes and justifies potential mitigation strategies, emphasizing the importance of training, process improvements, and technology solutions like domain monitoring, email filtering, and multi-factor authentication to enhance security and prevent these types of attacks. The report references key articles and reports to support its analysis.

Running head: ANALYSIS OF SECURITY ISSUES
ANALYSIS OF SECURITY ISSUES
Name of student
Name of university
Author’s note:
1. Description of the social engineering attacks described in the article using the ontological components:
The social engineering attacks described in the article are discussed in detail here with reference to the ontological components.
An ontological model of a social engineering attack consists of several components: a goal, a medium, a social engineer, a target, compliance principles and techniques.
These components are described in detail below with reference to the article considered for analysis.
Goal: The goal of this phishing attack was to steal the username and password of the Office 365 account in order to access the victim's address book, which contains business as well as private contacts. Although no intention of financial gain is identified, there might be a financial perspective as well. The goal is therefore mainly identified as exploitation of privacy through illegal access to business and personal information.
Medium: The victims are sent emails that contain an HTML file and are asked to open that file, so that the attackers can compromise the email account and steal the username and password of the Office 365 account.
Social engineer: According to the article, the hackers might be part of a large campaign targeting Office 365 consumers in order to access Office 365 accounts using the usernames and passwords associated with those accounts.
Target: According to the article, Salted Hash was only one potential victim in a larger campaign whose targets include government agencies, industrial organizations, financial firms, universities and other organizations.
Compliance principles: In this type of social engineering attack, hackers make use of the victim's trust in someone they are associated with. When victims receive emails from someone they trust and are associated with, they are likely to click on those emails. However, most people are not able to identify that these emails are actually sent by hackers who have compromised the office account of a potential victim by exploiting the security of the account. The hackers thus abuse the relationship between vendors and acquaintances. The compliance principles used by the hackers are therefore friendship or liking, scarcity and authority.
Techniques: The technique used by the hackers in this context is phishing executed through emails associated with Office 365 accounts.
2. Discussion of relevant statistics:
Some relevant statistics from the Verizon Data Breach Investigations Report are described in relation to these types of attacks.
According to the report, 32% of data breaches are due to phishing, and 29% of those breaches involved the theft of credentials. The report also specifies that email is the number one delivery method, Office documents are the number one file type, phishing is the number one technique and humans are the number one target.
3. Description of the typical sequence of steps undertaken for the phishing attacks described in the article:
The article mentions that a generic-looking email was sent to Salted Hash, warning that the allowed quota for his account had been exceeded and that email delivery was therefore delayed. This type of message is intended to convince the victim to click the
contents provided in the email. It is important to note that the type of message sent through the email varies and might also carry an informal subject line such as FYI, Approved Invoice or Fw: Payments; informal subject lines of this type are now widely used by hackers to get the attention of the account owner. In addition, the hackers use the compromised office accounts to email business contacts internal to the organization, and the same quota message is used for this as well.
The main features of the various phishing attacks are the following:
Sending email to the victims, often containing a warning message about low email storage, server suspension, an account upgrade or security updates. These emails sometimes also contain a message asking the recipient to review documents, or an approval message such as an approved invoice, to ensure the attention of the account owner.
Depending on the type of message, documents are provided in the email, which include an HTML file or some plain documents.
Users are instructed to enter their credentials to access the documents provided in the emails; these credentials are then used by the hackers to hack the Office 365 accounts.
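The three features listed above can be checked together at the mail gateway. The following is an added example, not taken from the report or the article it analyses: a triage function that flags a message when it has a lure subject, an HTML attachment, and a password field or remote form target inside that attachment. The lure list, the reason labels and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Subject wording quoted in the report; the list itself is an assumption to tune locally.
LURES = ("quota", "storage", "fyi", "approved invoice", "fw: payments")

class FormFinder(HTMLParser):
    """Notes password inputs and remote form targets in an HTML document."""
    def __init__(self):
        super().__init__()
        self.password_field = False
        self.remote_action = False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_field = True
        action = (a.get("action") or "").lower()
        if tag == "form" and action.startswith(("http:", "https:", "//")):
            self.remote_action = True

def triage(raw: bytes) -> list:
    """Return the reasons a message matches the pattern (empty list = no match)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    if any(lure in (msg["Subject"] or "").lower() for lure in LURES):
        reasons.append("lure-subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() != "text/html" and not name.endswith((".htm", ".html")):
            continue
        reasons.append("html-attachment")
        finder = FormFinder()
        body = part.get_payload(decode=True) or b""
        finder.feed(body.decode("utf-8", errors="replace"))
        if finder.password_field:
            reasons.append("password-field")
        if finder.remote_action:
            reasons.append("remote-form-action")
    return reasons

def constructed_sample(subject: str, html: str) -> bytes:
    """Build a test message in memory; every value in it is constructed."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "user@example.org", subject
    m.set_content("Please review the attached document.")
    m.add_attachment(html, subtype="html", filename="document.html")
    return m.as_bytes()
```

A message that returns all four reasons is a strong candidate for quarantine; an HTML attachment alone is only worth logging.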
4. Proposal and justification of potential mitigations for these types of attacks:
In order to mitigate the issues related to phishing attacks, proper strategies are required, which are described in the article.
Designing mitigation strategies for these issues includes consideration of people, process and technology factors to ensure that the solutions are effective and efficient.
People: Training people regarding these types of security issues is one of the most important aspects of designing an effective mitigation strategy. Hackers often
take advantage of people's lack of knowledge about these types of security issues, which makes it easier for them to execute their strategies for accessing information that requires authentication. Although people at all levels require knowledge of this, people in journalism, office administration, legal, marketing, sales and human resources require extensive training, as their job positions require them to communicate with strangers and access content sent through emails.
Process: The trainings provided in this context do not explain to people how to identify these types of security issues or what process they need to follow if they identify one. It is therefore required to ensure that people are aware of this process so that these security issues can be mitigated effectively and efficiently.
Technology: Technical knowledge is also required to mitigate these security issues. The technical strategies required in this context include monitoring of domains, for example identification of knock-off URLs, and email filtering. In addition, multi-factor authentication is recommended for enhancing the security of Office 365 accounts, so that it is not easy to access these accounts if proper authentication is not provided.
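Domain monitoring for knock-off URLs can be sketched as follows. This is an added example, not code from the report or the article: it labels observed domains against one protected domain by TLD swap, confusable characters, single-character typos and embedded brand names. The protected domain `contoso.com`, the confusables table, the distance threshold and the sample domains are all assumptions constructed for illustration.

```python
# Character swaps often seen in lookalike names; this table is an illustrative assumption.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def skeleton(label: str) -> str:
    """Fold confusable characters so that 'c0ntoso' and 'contoso' compare equal."""
    for fake, real in CONFUSABLES.items():
        label = label.replace(fake, real)
    return label

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain: str, protected: str) -> str:
    """Label an observed domain relative to one protected domain."""
    domain, protected = domain.lower().rstrip("."), protected.lower()
    if domain == protected or domain.endswith("." + protected):
        return "legitimate"
    brand = protected.split(".")[0]
    labels = domain.split(".")
    # Simplification: treat the second-to-last label as the registered name
    # (a production monitor would consult the Public Suffix List).
    registered = labels[-2] if len(labels) > 1 else labels[0]
    if registered == brand:
        return "tld-swap"
    if skeleton(registered) == skeleton(brand):
        return "homoglyph"
    if edit_distance(skeleton(registered), skeleton(brand)) <= 1:
        return "typo"
    if brand in registered.split("-") or brand in labels[:-2]:
        return "brand-embedded"
    return "unrelated"

def find_knockoffs(observed, protected):
    """Map each suspicious observed domain to the reason it was flagged."""
    results = {d: classify(d, protected) for d in observed}
    return {d: r for d, r in results.items() if r not in ("legitimate", "unrelated")}
```

Typical inputs are sender domains and link hosts extracted from inbound mail, or a feed of newly registered names.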
References:
Mouton, F., Leenen, L. and Venter, H. (2016). Social engineering attack examples, templates and scenarios. Computers & Security, 59, pp.186-209.
Ragan, S. (2019). Office 365 Phishing attacks create a sustained insider nightmare for IT. [online] CSO Online. Available at: https://www.csoonline.com/article/3225469/office-365-phishing-attacks-create-a-sustained-insider-nightmare-for-it.html [Accessed 13 Sep. 2019].
Verizondigitalmedia.com. (2019). 2019 Verizon Data Breach Investigations Report: First impressions from the perimeter | Verizon Media Platform. [online] Available at: https://www.verizondigitalmedia.com/blog/2019-verizon-data-breach-investigations-report-first-impressions/ [Accessed 13 Sep. 2019].