Attacks on the Rise Through Office 365

Office 365's ubiquity has made it a major target for phishing and business email compromise campaigns that exploit misconfigured accounts and weak credentials to set mail-forwarding rules, harvest credentials via spoofed sites, and distribute malware through legitimate SharePoint/OneDrive links; the report outlines risk drivers (default non-expiring passwords, disabled auditing, extra-cost security features) and prescribes mitigations including MFA, audit logging and retention, mailbox auditing, VPN/IP restrictions, ATP, and use of third-party SOC services.