I have been suspicious of Microsoft’s security for a while. This is why when it comes to in-house e-mail (which I do not recommend any longer, especially if it is a Microsoft e-mail platform). I never really took a close look at OWA’s design, but it really hasn’t changed much from previous designs. If you are running Exchange in-house, patch it immediately… if your software is still supported.
Attackers aiming for lateral movement inside an enterprise network have done well in the past to target domain controller credentials.
Researchers at Cybereason, however, have uncovered a targeted attack in which hackers were able to burrow onto the corporate network and steal thousands of username-password combinations via Outlook Web Access.
“Security professionals are very aware of the value of their domain-controllers, and consider those as the keys to the castle, without realizing that the OWA server gives essentially identical access,” said Cybereason CTO and cofounder Yonatan Striem-Amit.
The attack was carried out for months against an organization with 19,000 endpoints, and credentials for more than 11,000 user accounts were sniffed and stolen.
OWA enables remote access to Outlook and Exchange Server in organizations that wish to roll it out. And because it faces the Internet and internal infrastructure, it’s a tempting target for advanced attackers who wish to spy or steal on an organization’s activities.
“This configuration of OWA created an ideal attack platform because the server was exposed both internally and externally,” Striem-Amit said. “Moreover, because OWA authentication is based on domain credentials, whoever gains access to the OWA server becomes the owner of the entire organization’s domain credentials.”
– See more at: https://threatpost.com/targeted-attack-exposes-owa-weakness/114925/