Risk from email compromise

by Mark Rowe

Some UK businesses are at risk from potential compromise of their Outlook Web Access platform, according to SecureData, a provider of cybersecurity services. This research serves to illustrate the potential impact of a new generation of hacking tools that escalate the impact of a compromised email address and password via the Outlook Web Access interface to full remote compromise of the corporate network.

The research suggests close to 0.5 per cent (one in 200) of all organisations in the study could be cracked using a combination of publicly available email addresses from previous data breaches and poor password security behaviour by users, as they reuse passwords between professional and personal applications.

The researchers analysed 1.5 million compromised email addresses from 173,000 organisations in the UK. SecureData says that it could crack 92pc of passwords, where the compromise included the hashed, or one-way encrypted password. From this sample of organisations, 1,226 could be identified as using Outlook Web Access. Assuming some users were reusing the same password (or password ‘scheme’) between their private and work accounts, as many as 868 organisations in the study are at immediate risk of simple, low-cost and sophisticated compromise of their network systems. Applying the ratio of compromised organisations revealed in the research (0.5pc) suggests that as many as 53,000 of the 10.5 million .uk domain registrations in the UK could be similarly at risk.

With one billion newly breached email addresses exposed on the public web during 2016 (Source: haveibeenpwned.com), the SecureData team has highlighted this attack vector as a sleeping dragon of corporate network security and a style of exploit which they expect to increase in prevalence.

Charl van der Walt, Head of Security Strategy at SecureData, says: “We developed this research as a vehicle to illustrate the increasing security challenge as employees mix their corporate and personal online universes. This is exacerbated by enterprise risk models that fail to appreciate how attackers view their business, reflecting instead their own view as to what is valuable.

“The prize here for the hacker is not just the email account itself, but the ability to write Outlook rules on the user’s desktop via OWA. The SensePost “Ruler” toolset shows how we can turn an OWA password compromise into full and persistent remote access to the network, with potentially devastating effect,” van der Walt continues. “Microsoft Exchange has been considered a relatively benign element of corporate IT, but it’s becoming more popular and valuable as a target. In addition, Exchange is exposed onto the Internet via OWA and put more at risk via weak or leaked email passwords. We wanted to highlight this simple exploit as a way to warn security managers not to undervalue what appear to be low-risk corporate assets.”

The cyber firm says that email address compromise has become more common and is often the intention of large-scale hacks (Ashley Madison, LinkedIn, YouPorn, Adobe etc). With the increasing supply of compromised email addresses available to hackers, organisations should be vigilant about the potential impact of these leaks, for example via an escalation of phishing attacks or password reuse attacks. Visit www.secdata.com.

© 2024 Professional Security Magazine. All rights reserved.