Skip to main content

KnockKnock cyber-attack targets corporate Office 365 accounts

(Image credit: Image source: Shutterstock/alexskopje)

A major new cyber-attack named as KnockKnock has been detected currently taking place against Office 365 Exchange Online email accounts, according to Skyhigh Networks.

The cloud security firm is reporting that more than half of its customers are being attacked from 16 different countries. The interesting thing about this attack is that it's not targeting humans or their 'human' accounts, but rather machines. Under attack are corporate accounts, not tied to any human identity, which thus lack the usual advanced security measures such as two-factor authentication or recurring password reset.

The attacks started in May and are still ongoing, although Skyhigh says the bulk of attack happened in the summer months between June and August. So far, 63 different networks and 83 IP addresses have been used for the attacks.

Skyhigh has notified the affected parties and said that no data loss has been spotted.

“Normally, login attacks follow the ‘brute force’ template with widespread attempts made simultaneously across hundreds of corporate accounts, but KnockKnock reveals that more precise tactics are being deployed,“ commented Nigel Hawthorn, chief European spokesperson at Skyhigh Networks.

“By intelligently targeting accounts not linked to users, the attempts are far less likely to be red flagged or noticed by security, particularly if only one or two attempts are made at any one time; three failed login attempts often sets of alarm bells – just think about what happens to your phone if you forget your pin.”

“Businesses rely on a variety of tools that work together to produce a holistic cloud infrastructure but these connections require the creation of accounts that aren’t linked to a specific user. If companies don’t fully understand how their infrastructure works, hacker entry into one system could have a domino effect. For example, if actors manage to force entry into email accounts which, in turn, are linked to CRM or accounting solutions, suddenly an even bigger pool of corporate and customer data is at risk.”

“To ensure such accounts are awarded the same attention as other network vulnerabilities, firms must not only be aware of which and how systems are linked, but have the ability to monitor long-term login and user activity, so that attacks like KnockKnock are flagged.”

Image source: Shutterstock/alexskopje

Sead Fadilpašić
Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.