Microsoft continues to grow as the world’s most adopted SaaS application provider with over 258 million Office 365 and 75 million Teams users, according to the company’s third-quarter earnings call in 2020. As a result, it has become a rich repository for critical business data and a tantalizing target for cyberattackers.
This report contains analysis and findings from Cognito Detect for Office 365 deployments and highlights how cybercriminals use legitimate Office 365 services to bypass security and launch attacks.
Key highlights include:
- 96% of customers exhibited lateral movement behaviors — see how multifactor authentication (MFA) and embedded security controls are being bypassed using malicious OAuth federated authentication services applications;
- 71% of customers showed suspicious Office 365 Power Automate behaviors - learn how these workflow services are used to create and automate command-and-control and data exfiltration attack behaviors;
- 56% of customers displayed suspicious Office 365 eDiscovery behaviors;
- Organizations that used Cognito Detect for Office 365 identified and stopped attackers from reaching their goals.