Quote:New, sophisticated adversaries are switching up their tactics in exploiting enterprise-friendly platforms — most notably Microsoft Exchange, Outlook Web Access (OWA) and Outlook on the Web – in order to steal business credentials and other sensitive data.
 
Both Microsoft’s Exchange mail server and calendaring server and its Outlook personal information manager web app provide authentication services – and integration with other platforms – that researchers say are prime for attackers to leverage for launching attacks.
 
Accenture’s 2020 Cyber Threatscape report, released Monday, shed light on how actors are leveraging Exchange and OWA – and evolving their tactics to develop new malware families that target these services, or using new detection evasion techniques.

“Web-facing, data-intense systems and services that typically communicate externally can make it easier for adversaries to hide their traffic in the background noise, while authentication services could open up a credential-harvesting opportunity for cybercriminals,” according to Accenture researchers on Monday.