ALERT: Microsoft O365 Zero-Day Vulnerability

A Microsoft O365 zero-day vulnerability has been reported by SCMagazine – and it’s being exploited across organizations of all sizes.

Known as BaseStriker, the vulnerability is being used to lure users into phishing attacks by bypassing built-in Office 365 security protection. This allows the delivery of emails with known malware and phishing links to users.

Delivery of malicious emails has long been a prime method for initiating attacks on companies and individuals. Emails with malicious links trick users into accessing phishing websites or downloading and running malicious content. Phishing attacks on cloud applications such as Office 365 are particularly dangerous: our incident response team reports that these attacks are extremely common, and often lead to users inadvertently surrendering their credentials to hackers. Once in possession of a user’s username and password, the attacker can perfectly impersonate a legitimate user on the corporate email. Such account takeovers allow attackers to trick corporate users into performing financial transactions on their behalf (typically transferring money or goods into the threat actor’s hands), providing access to sensitive data, and installing malware.

This new vulnerability serves as a reminder of some of the security risks organizations face when adopting cloud applications. Such security risks are the reason we strongly advise customers to protect their usage of SaaS applications with dedicated SaaS security, which focuses on preventing evasive cyberattacks and protects the organization from cloud account takeover.
Are your O365 mail systems protected? Our solutions and certified security experts bring the knowledge and tools necessary to protect your users from vulnerabilities like BaseStriker. There’s no reason to lose sleep over this. We’ve got your back. Give us a call today – 800-319-3051.