Cybersecurity in the company North Rhine-Westphalia State Criminal Police Office warns of phishing via Office 365 components

Many companies in Germany use Microsoft Office 365 on administrative and work computers. As part of an investigation by the North Rhine-Westphalia State Criminal Police Office, Office 365 users are warned that emails and document management are currently particularly affected by phishing attacks.

In the administration and management of a company in Germany, it is assumed that a solution is used for the tasks that arise, which should be familiar to almost every user: Office 365 from Microsoft. The suite includes, among other things, programs for receiving, processing, and sending emails (Outlook), the chat program Teams, the word processing program Word, the powerful calculation tool Excel, and many more solutions.

The popularity of the applications in the Office 365 package not only attracts many customers and developer support, but also offers a large target area for cybercriminals looking for the largest possible audience for spreading their harmful data and codes. Currently, the staff of the LKA North Rhine-Westphalia are warning users and communication partners of emails and document management via Office 365 about ways and means of introducing harmful files or links in emails.

Phishing links and malicious attachments in "official" emails

"In the course of current investigations by the State Criminal Police Office of North Rhine-Westphalia, it has been found that many companies are currently affected by cyber attacks on Office 365 (email and document management). These attacks pose threats to connected companies of the corporate network as well as to their customers and communication partners," they have been warning since May 21, 2024.

The investigations revealed that cyber criminals can take over email accounts and send them in the name of the affected companies. These emails contain dangerous attachments or links - so you should pay special attention before opening an attachment or clicking a link, whether you really need to call up the files or URLs; true to the motto "Better safe than sorry".

The people from the LKA point out that the attackers' emails are harder to identify than usual, as they contain no obvious spelling mistakes and even real, earlier conversations. "As soon as a recipient clicks on the links, the IT system can be attacked immediately, and there can be data loss or data theft as well as further attacks such as phishing attacks," it says.

Looking for VPN accesses from the beginning of the Corona pandemic

Furthermore, the hijacked email accounts are searched for information, primarily for VPN access data to non-public networks, as they were sent out within companies at the beginning of the Corona pandemic. If such login data is found, the attackers gain access to the company's IT network.

"Thanks to the investigations of the State Criminal Police Office of North Rhine-Westphalia, some companies have already been protected from further attacks such as encryption by ransomware and the associated blackmail. Without such cyber attacks, damages in the millions regularly occur," it continues. "If your corporate IT is affected by such Office 365 attacks or if employees have clicked on suspicious links or entered their access data, there is a high risk to your IT systems. This also applies if files have been downloaded from reputable platforms or from cloud services of large providers. The perpetrators are constantly updating their dangerous attachments, so existing virus scanners may not always be able to detect them."

The sensitization of employees, both in the professional and private environment, remains important to keep the potential damage caused by cyber attacks to companies low. Information on how to behave in the event of a security incident in your company can be obtained, among other things, from the Federal Office for Information Security (BSI). (sb)