There has been a lot of alarming news about attackers bypassing MFA (multifactor authentication), as well as numerous O365 account takeovers. The following statistics show that even advanced authentication mechanisms do not provide complete protection against determined attackers.
- 71% of organizations experienced O365 account takeover (study conducted by Sapio) in 2020, compared to 40% of organizations that experienced O365 account takeover in 2019 (Cyren report). This dramatic increase shows the scale of the threat to Microsoft 365 environments.
- 96% of clients exhibited lateral movement behavior – multi-factor authentication and built-in security controls are being bypassed using malicious applications leveraging OAuth federated authentication services. After taking over one account, attackers move through the environment searching for valuable data.
- 71% of clients exhibited suspicious Office 365 Power Automate service behavior – these workflow services are being used to create and automate command-and-control and data exfiltration attack behaviors. Automation makes it easier for attackers to mass-download documents without manual intervention.
- 56% of clients exhibited suspicious Office 365 eDiscovery service behavior – a tool intended for legal discovery is being abused to locate and exfiltrate sensitive information.
These attack vectors demonstrate that traditional perimeter security is insufficient. After gaining initial access, attackers leverage legitimate platform features to achieve their goals while remaining invisible to standard security tools.
We recommend the Vectra AI Detect for Office365 solution, which uses artificial intelligence to detect these advanced attacker behaviors and enables rapid response before serious damage occurs.
