{"id":24583,"date":"2023-12-18T13:42:06","date_gmt":"2023-12-18T18:42:06","guid":{"rendered":"https:\/\/www.sherweb.com\/blog\/?p=24583"},"modified":"2024-10-08T19:03:05","modified_gmt":"2024-10-08T23:03:05","slug":"microsoft-365-attack-surge","status":"publish","type":"post","link":"https:\/\/r-swca2-app15-sherwebblogprd-c5f5cbg9dbf0btgy.canadacentral-01.azurewebsites.net\/blog\/security\/microsoft-365-attack-surge\/","title":{"rendered":"Defend your Microsoft 365 accounts: Navigating the surge in attacks and how to shield your business"},"content":{"rendered":"<p><em><span class=\"ui-provider ed bec baa ceo cep ceq cer ces cet ceu cev cew cex cey cez cfa cfb cfc cfd cfe cff cfg cfh cfi cfj cfk cfl cfm cfn cfo cfp cfq cfr cfs cft\" dir=\"ltr\">In our latest blog, guest writer Guillaume Boisvert, Director of Product Innovation, unravels the intricacies of Microsoft 365 account attacks and breaches\u2014an alarming reality that demands collective attention and strategic vigilance. Read on to learn how to further strengthen your Microsoft 365 security.<\/span><\/em><\/p>\n<p><span data-contrast=\"auto\">The security operation center for <a href=\"https:\/\/www.sherweb.com\/blog\/security\/office-protect-alliance\/\">Office Protect Alliance<\/a> gives us incredible visibility on common attacks on Microsoft 365. In the last few weeks, we have observed a significant increase in successful attacks that appear to share <\/span><span data-contrast=\"auto\">tactics, techniques, and procedures<\/span><span data-contrast=\"auto\">. As an MSP centric company, we wanted to share our observations and recommendations with the community.\u00a0 While all components of these attacks appear to have been seen in the wild before, we felt the increase in frequency warranted some exposure and wanted to help you <\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">safeguard your business against these evolving threats.<\/span><\/p>\n<h2><b><span data-contrast=\"auto\"><strong>Indicators of Compromise (IOC)<\/strong><\/span><\/b><\/h2>\n<h3><em>What are the common denominators in recent successful Microsoft 365 attacks?<\/em><\/h3>\n<p><span data-contrast=\"auto\">The observed attack relies heavily on session\/token hijacking to bypass <a href=\"https:\/\/www.sherweb.com\/blog\/security\/multi-factor-authentication\/\">multifactor authentication (MFA)<\/a>. This method a common one today to get around MFA and it is simple to execute. It can be done with a well known open-source tool called <a href=\"https:\/\/hackmag.com\/security\/evilginx-phishing\/\">Evilginx<\/a>. It is also now part of for-profit hacker tools such as <a href=\"https:\/\/therecord.media\/w3ll-phishing-toolkit-bec-microsoft-365-accounts\">W3ll<\/a>.\u00a0 Using these tools, or other methods, session hijacking is basically always finding a way to get the valid, MFA authenticated, session token from an identified user, and leveraging it to access the account from the attackers device. <\/span><\/p>\n<p><span data-contrast=\"auto\">We have observed multiple outcomes to these breaches. Some lead to the <a href=\"https:\/\/darktrace.com\/blog\/how-abuse-of-perfectdata-software-may-create-a-perfect-storm-an-emerging-trend-in-account-takeovers\">\u201cPerfectData\u201d attack<\/a> which has been <a href=\"https:\/\/cybercorner.tech\/malicious-azure-application-perfectdata-software-and-office365-business-email-compromise\/\">documented by Darktrace<\/a>. Others simply start spewing <a href=\"https:\/\/www.sherweb.com\/blog\/security\/microsoft-365-flag-phishing-emails\/\">phishing emails<\/a> from the victims\u2019 mailboxes. All of these actions appear to be part of modern attacks that try to leverage account information to do <a href=\"https:\/\/www.microsoft.com\/en-ca\/security\/business\/security-101\/what-is-business-email-compromise-bec\">Business Email Compromise (BEC) attacks<\/a>. The second goal, including the spamming, is to find more victims by sending out more phishing emails.\u00a0 In all cases, we have seen a significant delay between the original account access, and the actual BEC\/fraud actions.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<h3><em>How can you identify a breach?<\/em><\/h3>\n<p><span data-contrast=\"auto\">One IOC observed across our different cases have been the <a href=\"https:\/\/learn.microsoft.com\/en-us\/exchange\/security-and-compliance\/mail-flow-rules\/manage-mail-flow-rules\">creation of an Exchange rule<\/a> to hide incoming emails. The simple rule is usually named \u201c\u2026\u201d (without the quotes) and redirects all incoming email traffic to the \u201c\/RSS Feed\/\u201d folder in the victims\u2019 inbox.\u00a0 As far as we can tell, this is simply to hide notifications about the mailbox being used to spam phishing emails to the victims\u2019 contacts, and not a fancy way to persist access.\u00a0 <\/span><\/p>\n<p><span data-contrast=\"auto\">We have also observed the use of anonymizing <a href=\"https:\/\/www.sherweb.com\/blog\/security\/6-tips-avoid-hackers\/\">VPN services<\/a> to hide the attackers\u2019 true location, allowing them to appear to be from a country matching the operating country of the tenant. Interestingly, this appears to not be done 100% throughout the attack and IPs seen mid-attack have been consumer IPs rather than VPN IPs. Some of the attackers\u2019 infrastructure appears to be in eastern Europe, particularly Russia.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<h2><strong>Attack remediation<\/strong><\/h2>\n<h3><em>What immediate steps should MSPs take after a breach?<\/em><\/h3>\n<p><span data-contrast=\"auto\">Managed Service Providers (MSPs) looking to remediate the attack should start by following <a href=\"https:\/\/learn.microsoft.com\/en-us\/microsoft-365\/admin\/misc\/user-consent?view=o365-worldwide\">Microsoft best practices<\/a> when it comes to breached accounts, including the very important step of <a href=\"https:\/\/learn.microsoft.com\/en-us\/entra\/identity\/users\/users-revoke-access\">revoking existing sessions<\/a>. Without that step, the hacker could retain access longer, potentially allowing\u00a0 lateral movement attack and improved persistence mechanisms.<\/span><\/p>\n<h3><em>What if the attack origin isn&#8217;t clear?<\/em><\/h3>\n<p><span data-contrast=\"auto\">If you cannot identify exactly how the attacker hijacked the user session, it is probably worth investigating outside of Microsoft 365, including the <a href=\"https:\/\/www.sherweb.com\/blog\/security\/what-is-endpoint-protection-and-why-do-you-need-it\/\">endpoint<\/a>, for signs of compromise. <\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<h2><strong>Prevention and hardening<\/strong><\/h2>\n<h3><em>How can you harden your Microsoft 365 tenant against attacks?<\/em><\/h3>\n<p><span data-contrast=\"auto\">Another consideration should be the hardening of the Microsoft 365 tenant to prevent the attack being successful in the first place. We recommend a few things that will help:<\/span><\/p>\n<ol>\n<li><strong>Prevent non-admin users from accepting any 3rd<\/strong><span data-contrast=\"auto\"><strong> party software<\/strong>. This will help for the PerfectData Software component of the attack related above. This can be done in Microsoft 365, or very easily using <a href=\"https:\/\/help.office-protect.com\/en\/support\/solutions\/articles\/67000686429-office-protect-settings-do-not-allow-third-party-integrated-applications\">Sherweb\u2019s Office Protect<\/a>. It will reduce the efficacy of the attack by slowing it down and not allowing \u201cen masse\u201d download of the victim\u2019s data.<\/span><\/li>\n<li><strong>The creation of strict conditional access policy<\/strong>. While there are many options here, and your ability to pin things down will be influenced by the reality of the tenant\u2019s business requirement, we recommend creating rules that do not allow access from most countries. We generally recommend not allowing the use of anonymizing VPN services in a business context, allowing their blocking and easy detection. Additionally, if you can, limit access from any unknown device at all, for added protection.<\/li>\n<\/ol>\n<h3><em>What specific measures enhance protection?<\/em><\/h3>\n<p>The final step in attack prevention is strict monitoring of any activities that relates to the above indicators of compromise. Any access from anonymizing VPN, 3<span data-contrast=\"auto\">rd<\/span><span data-contrast=\"auto\"> party software installation, Exchange rule creation or outbound spam should be detected and acted upon immediately. Microsoft provides tools to do some of this, or you can seek the help of products like <a href=\"https:\/\/www.sherweb.com\/blog\/security\/what-is-office-protect\/\">Office Protect<\/a>, Octega or Blackpoint Cyber.<\/span><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Hopefully implementing theses recommended measures to fortify your Microsoft 365 accounts helps your business protect their tenants. Remember, security is a shared responsibility\u2014never give up the good fight!<\/span><\/p>\n<h4>Want to learn more about how Office Protect can defend against evolving threats and how to secure your Microsoft 365 to support your MSP business? Reach out to us to <a href=\"https:\/\/www.sherweb.com\/security\/office-protect\/resell\/\">start a conversation<\/a>.<\/h4>\n","protected":false},"excerpt":{"rendered":"<p>In our latest blog, guest writer Guillaume Boisvert, Director of Product Innovation, unravels the","protected":false},"author":84,"featured_media":24586,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[753],"tags":[826,919,921],"class_list":["post-24583","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-office-protect","tag-cybersecurity","tag-microsoft-365-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Safeguard your business from Microsoft 365 attacks | Sherweb<\/title>\n<meta name=\"description\" content=\"Take action now! Discover proactive measures against escalating Microsoft 365 attacks. And safeguard your business against evolving threats.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.sherweb.com\/blog\/security\/microsoft-365-attack-surge\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Safeguard your business from Microsoft 365 attacks | Sherweb\" \/>\n<meta property=\"og:description\" content=\"Take action now! Discover proactive measures against escalating Microsoft 365 attacks. And safeguard your business against evolving threats.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.sherweb.com\/blog\/security\/microsoft-365-attack-surge\/\" \/>\n<meta property=\"og:site_name\" content=\"Sherweb\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Sherweb\" \/>\n<meta property=\"article:published_time\" content=\"2023-12-18T18:42:06+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-10-08T23:03:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/r-swca2-app15-sherwebblogprd-c5f5cbg9dbf0btgy.canadacentral-01.azurewebsites.net\/blog\/wp-content\/uploads\/Special-Alliance-Play-1200x480-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"460\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Guillaume Boisvert\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/GoGreenwood1\" \/>\n<meta name=\"twitter:site\" content=\"@SherWeb\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Guillaume Boisvert\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/security\\\/microsoft-365-attack-surge\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/security\\\/microsoft-365-attack-surge\\\/\"},\"author\":{\"name\":\"Guillaume Boisvert\",\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/#\\\/schema\\\/person\\\/9d7eaf664a5d618b082f0a8454c779f5\"},\"headline\":\"Defend your Microsoft 365 accounts: Navigating the surge in attacks and how to shield your business\",\"datePublished\":\"2023-12-18T18:42:06+00:00\",\"dateModified\":\"2024-10-08T23:03:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/security\\\/microsoft-365-attack-surge\\\/\"},\"wordCount\":898,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/security\\\/microsoft-365-attack-surge\\\/#primaryimage\"},\"thumbnailUrl\":\"\\\/blog\\\/wp-content\\\/uploads\\\/Special-Alliance-Play-1200x480-1.jpg\",\"keywords\":[\"Office Protect\",\"Cybersecurity\",\"Microsoft 365 security\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/security\\\/microsoft-365-attack-surge\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/security\\\/microsoft-365-attack-surge\\\/\",\"url\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/security\\\/microsoft-365-attack-surge\\\/\",\"name\":\"Safeguard your business from Microsoft 365 attacks | Sherweb\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/security\\\/microsoft-365-attack-surge\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/security\\\/microsoft-365-attack-surge\\\/#primaryimage\"},\"thumbnailUrl\":\"\\\/blog\\\/wp-content\\\/uploads\\\/Special-Alliance-Play-1200x480-1.jpg\",\"datePublished\":\"2023-12-18T18:42:06+00:00\",\"dateModified\":\"2024-10-08T23:03:05+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/#\\\/schema\\\/person\\\/9d7eaf664a5d618b082f0a8454c779f5\"},\"description\":\"Take action now! Discover proactive measures against escalating Microsoft 365 attacks. And safeguard your business against evolving threats.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/security\\\/microsoft-365-attack-surge\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/security\\\/microsoft-365-attack-surge\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/security\\\/microsoft-365-attack-surge\\\/#primaryimage\",\"url\":\"\\\/blog\\\/wp-content\\\/uploads\\\/Special-Alliance-Play-1200x480-1.jpg\",\"contentUrl\":\"\\\/blog\\\/wp-content\\\/uploads\\\/Special-Alliance-Play-1200x480-1.jpg\",\"width\":1200,\"height\":460,\"caption\":\"Microsoft 365 attack\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/security\\\/microsoft-365-attack-surge\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/category\\\/security\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Defend your Microsoft 365 accounts: Navigating the surge in attacks and how to shield your business\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/\",\"name\":\"Sherweb\",\"description\":\"More than a cloud marketplace\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.sherweb.com\\\/blog\\\/#\\\/schema\\\/person\\\/9d7eaf664a5d618b082f0a8454c779f5\",\"name\":\"Guillaume Boisvert\",\"description\":\"Guillaume identifies and evaluates new solutions and product features that help Sherweb and its partners grow and compete. Responsible for the growth and development of Office Protect, Sherweb\u2019s security add-on for Microsoft 365, Guillaume leads the team responsible for building and commercializing the company's in-house security offering. He has almost two decades of experience developing software-as-a-service (SaaS), both as a technical lead and as a product manager.\",\"sameAs\":[\"https:\\\/\\\/x.com\\\/https:\\\/\\\/twitter.com\\\/GoGreenwood1\"],\"url\":\"https:\\\/\\\/r-swca2-app15-sherwebblogprd-c5f5cbg9dbf0btgy.canadacentral-01.azurewebsites.net\\\/blog\\\/author\\\/guillaumeboisvert\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Safeguard your business from Microsoft 365 attacks | Sherweb","description":"Take action now! Discover proactive measures against escalating Microsoft 365 attacks. And safeguard your business against evolving threats.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.sherweb.com\/blog\/security\/microsoft-365-attack-surge\/","og_locale":"en_US","og_type":"article","og_title":"Safeguard your business from Microsoft 365 attacks | Sherweb","og_description":"Take action now! Discover proactive measures against escalating Microsoft 365 attacks. And safeguard your business against evolving threats.","og_url":"https:\/\/www.sherweb.com\/blog\/security\/microsoft-365-attack-surge\/","og_site_name":"Sherweb","article_publisher":"https:\/\/www.facebook.com\/Sherweb","article_published_time":"2023-12-18T18:42:06+00:00","article_modified_time":"2024-10-08T23:03:05+00:00","og_image":[{"width":1200,"height":460,"url":"https:\/\/r-swca2-app15-sherwebblogprd-c5f5cbg9dbf0btgy.canadacentral-01.azurewebsites.net\/blog\/wp-content\/uploads\/Special-Alliance-Play-1200x480-1.jpg","type":"image\/jpeg"}],"author":"Guillaume Boisvert","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/GoGreenwood1","twitter_site":"@SherWeb","twitter_misc":{"Written by":"Guillaume Boisvert","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.sherweb.com\/blog\/security\/microsoft-365-attack-surge\/#article","isPartOf":{"@id":"https:\/\/www.sherweb.com\/blog\/security\/microsoft-365-attack-surge\/"},"author":{"name":"Guillaume Boisvert","@id":"https:\/\/www.sherweb.com\/blog\/#\/schema\/person\/9d7eaf664a5d618b082f0a8454c779f5"},"headline":"Defend your Microsoft 365 accounts: Navigating the surge in attacks and how to shield your business","datePublished":"2023-12-18T18:42:06+00:00","dateModified":"2024-10-08T23:03:05+00:00","mainEntityOfPage":{"@id":"https:\/\/www.sherweb.com\/blog\/security\/microsoft-365-attack-surge\/"},"wordCount":898,"commentCount":0,"image":{"@id":"https:\/\/www.sherweb.com\/blog\/security\/microsoft-365-attack-surge\/#primaryimage"},"thumbnailUrl":"\/blog\/wp-content\/uploads\/Special-Alliance-Play-1200x480-1.jpg","keywords":["Office Protect","Cybersecurity","Microsoft 365 security"],"articleSection":["Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.sherweb.com\/blog\/security\/microsoft-365-attack-surge\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.sherweb.com\/blog\/security\/microsoft-365-attack-surge\/","url":"https:\/\/www.sherweb.com\/blog\/security\/microsoft-365-attack-surge\/","name":"Safeguard your business from Microsoft 365 attacks | Sherweb","isPartOf":{"@id":"https:\/\/www.sherweb.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.sherweb.com\/blog\/security\/microsoft-365-attack-surge\/#primaryimage"},"image":{"@id":"https:\/\/www.sherweb.com\/blog\/security\/microsoft-365-attack-surge\/#primaryimage"},"thumbnailUrl":"\/blog\/wp-content\/uploads\/Special-Alliance-Play-1200x480-1.jpg","datePublished":"2023-12-18T18:42:06+00:00","dateModified":"2024-10-08T23:03:05+00:00","author":{"@id":"https:\/\/www.sherweb.com\/blog\/#\/schema\/person\/9d7eaf664a5d618b082f0a8454c779f5"},"description":"Take action now! Discover proactive measures against escalating Microsoft 365 attacks. And safeguard your business against evolving threats.","breadcrumb":{"@id":"https:\/\/www.sherweb.com\/blog\/security\/microsoft-365-attack-surge\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.sherweb.com\/blog\/security\/microsoft-365-attack-surge\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.sherweb.com\/blog\/security\/microsoft-365-attack-surge\/#primaryimage","url":"\/blog\/wp-content\/uploads\/Special-Alliance-Play-1200x480-1.jpg","contentUrl":"\/blog\/wp-content\/uploads\/Special-Alliance-Play-1200x480-1.jpg","width":1200,"height":460,"caption":"Microsoft 365 attack"},{"@type":"BreadcrumbList","@id":"https:\/\/www.sherweb.com\/blog\/security\/microsoft-365-attack-surge\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.sherweb.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.sherweb.com\/blog\/category\/security\/"},{"@type":"ListItem","position":3,"name":"Defend your Microsoft 365 accounts: Navigating the surge in attacks and how to shield your business"}]},{"@type":"WebSite","@id":"https:\/\/www.sherweb.com\/blog\/#website","url":"https:\/\/www.sherweb.com\/blog\/","name":"Sherweb","description":"More than a cloud marketplace","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.sherweb.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.sherweb.com\/blog\/#\/schema\/person\/9d7eaf664a5d618b082f0a8454c779f5","name":"Guillaume Boisvert","description":"Guillaume identifies and evaluates new solutions and product features that help Sherweb and its partners grow and compete. Responsible for the growth and development of Office Protect, Sherweb\u2019s security add-on for Microsoft 365, Guillaume leads the team responsible for building and commercializing the company's in-house security offering. He has almost two decades of experience developing software-as-a-service (SaaS), both as a technical lead and as a product manager.","sameAs":["https:\/\/x.com\/https:\/\/twitter.com\/GoGreenwood1"],"url":"https:\/\/r-swca2-app15-sherwebblogprd-c5f5cbg9dbf0btgy.canadacentral-01.azurewebsites.net\/blog\/author\/guillaumeboisvert\/"}]}},"tag_names":["Office Protect","Cybersecurity","Microsoft 365 security"],"_links":{"self":[{"href":"https:\/\/r-swca2-app15-sherwebblogprd-c5f5cbg9dbf0btgy.canadacentral-01.azurewebsites.net\/blog\/wp-json\/wp\/v2\/posts\/24583","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/r-swca2-app15-sherwebblogprd-c5f5cbg9dbf0btgy.canadacentral-01.azurewebsites.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/r-swca2-app15-sherwebblogprd-c5f5cbg9dbf0btgy.canadacentral-01.azurewebsites.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/r-swca2-app15-sherwebblogprd-c5f5cbg9dbf0btgy.canadacentral-01.azurewebsites.net\/blog\/wp-json\/wp\/v2\/users\/84"}],"replies":[{"embeddable":true,"href":"https:\/\/r-swca2-app15-sherwebblogprd-c5f5cbg9dbf0btgy.canadacentral-01.azurewebsites.net\/blog\/wp-json\/wp\/v2\/comments?post=24583"}],"version-history":[{"count":6,"href":"https:\/\/r-swca2-app15-sherwebblogprd-c5f5cbg9dbf0btgy.canadacentral-01.azurewebsites.net\/blog\/wp-json\/wp\/v2\/posts\/24583\/revisions"}],"predecessor-version":[{"id":25042,"href":"https:\/\/r-swca2-app15-sherwebblogprd-c5f5cbg9dbf0btgy.canadacentral-01.azurewebsites.net\/blog\/wp-json\/wp\/v2\/posts\/24583\/revisions\/25042"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/r-swca2-app15-sherwebblogprd-c5f5cbg9dbf0btgy.canadacentral-01.azurewebsites.net\/blog\/wp-json\/wp\/v2\/media\/24586"}],"wp:attachment":[{"href":"https:\/\/r-swca2-app15-sherwebblogprd-c5f5cbg9dbf0btgy.canadacentral-01.azurewebsites.net\/blog\/wp-json\/wp\/v2\/media?parent=24583"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/r-swca2-app15-sherwebblogprd-c5f5cbg9dbf0btgy.canadacentral-01.azurewebsites.net\/blog\/wp-json\/wp\/v2\/categories?post=24583"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/r-swca2-app15-sherwebblogprd-c5f5cbg9dbf0btgy.canadacentral-01.azurewebsites.net\/blog\/wp-json\/wp\/v2\/tags?post=24583"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}