October 7, 2015 By Shane Schick 2 min read

Security researchers have discovered a new cybercriminal approach that takes advantage of Microsoft’s webmail server to gain access to corporate systems and potentially steal information.

Webmail Servers Are Vulnerable

Israel-based firm Cybereason outlined the details of its findings, which showed how Outlook Web Access (OWA), the webmail server associated with Microsoft’s popular email client, was the target of at least one incident involving an unnamed public service organization in the U.S. The attackers were able to exploit the fact that OWA works as a sort of middleman between the Internet and internal systems by uploading a DLL file that opened a backdoor when users authenticated into the system. Cybercriminals were then able to spread malware every time the server restarted. This could provide cybercriminals with access to passwords and other critical data, SecurityWeek reported.

As more employees work outside the office via mobile devices, many companies are increasingly looking at OWA, Gmail and similar programs as a way to enable remote access to email. However, the Microsoft webmail server is unique in the way it sits between the public-facing Internet and a business’s IT systems, SC Magazine explained.

Depending on the configuration and the number of endpoints across which scripts have been put into place, cybercriminals can gain domain credentials that give them disturbingly deep access over user identities. In this case, Cybereason suggested the organization it profiled had been compromised for months.

Cybercriminal Workarounds

Of course, the OWA webmail server isn’t the only such system prone to attack. Just a few months ago, The Register reported on how researchers discovered a man-in-the-middle vulnerability in a Samsung smart fridge, which could potentially steal Gmail logins. Given that few organizations will want to go back to the days when you could only access messages at your desk, however, IT departments will need to come up with ways to better protect corporate users.

Infosecurity Magazine offered a few helpful suggestions. First, organizations need to make sure all endpoints, including not only webmail servers but databases and Active Directory servers, are monitored regularly for anomalies. Second, CISOs and their teams could have a process in place to respond to any suspicious activity and verify whether, for example, a DLL file is legitimate or not. Finally, they should recognize that advanced persistent threats like this one will likely be outside the norm of what they’ve experienced in the past. As the Cybereason research proves, cybercriminals seem to be finding new ways into the network every day.

More from

Risk, reward and reality: Has enterprise perception of the public cloud changed?

4 min read - Public clouds now form the bulk of enterprise IT environments. According to 2024 Statista data, 73% of enterprises use a hybrid cloud model, 14% use multiple public clouds and 10% use a single public cloud solution. Multiple and single private clouds make up the remaining 3%.With enterprises historically reticent to adopt public clouds, adoption data seems to indicate a shift in perception. Perhaps enterprise efforts have finally moved away from reducing risk to prioritizing the potential rewards of public cloud…

Cybersecurity Awareness Month: Horror stories

4 min read - When it comes to cybersecurity, the question is when, not if, an organization will suffer a cyber incident. Even the most sophisticated security tools can’t withstand the biggest threat: human behavior.October is Cybersecurity Awareness Month, the time of year when we celebrate all things scary. So it seemed appropriate to ask cybersecurity professionals to share some of their most memorable and haunting cyber incidents. (Names and companies are anonymous to avoid any negative impact. Suffering a cyber incident is bad…

Is AI saving jobs… or taking them?

4 min read - Artificial intelligence (AI) is coming to take your cybersecurity job. Or, AI will save your job. Well, which is it? As with all things security-related, AI-related and employment-related, it's complicated. How AI creates jobs A major reason it's complicated is that AI is helping to increase the demand for cybersecurity professionals in two broad ways. First, malicious actors use AI to get past security defenses and raise the overall risk of data breaches. The bad guys can increasingly use AI-based…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today