Malware Alert: Inbox Rules in Office 365

March 2018


A new threat has emerged targeting Office 365 and Exchange online customers. Over the last year Microsoft’s security team has been tracking this threat and CyberGuard's Unit 12 has now seen this attack being executed on UK customers.

The Threat:

The threat is a post-compromise attack meaning that the cyber-criminal must gain access to an Office 365 mailbox first; this is usually done with a phishing email or guessing the user name and password (password spraying). Once the cyber-criminal has access to your Office 365 account the attacker will log on remotely and create an inbox rule in the targets mailbox. 

The rule, once triggered, will look to run an application or program to deliver malware to the user’s desktop client giving the attacker access to your PC or laptop...

To read the full report and to stay up-to-date with future alerts join our LinkedIn Group:

Cyber Threat Intelligence Watch Group: https://www.linkedin.com/groups/8635847

If you would prefer not to click on the link then simply search for our “Cyber Threat Intelligence Watch” Group in LinkedIn.

If you would prefer a copy of the whole report to be emailed to you directly then please send an email to [email protected].

We are currently recruiting for 1st Line Technical Apprentice, IT Technical Apprentice, Sales Support Administrator Find out more >