The Poisoned Postman: Detecting Manipulation of Compliance Features in a Microsoft Exchange Online Environment

Published: 30 Sep, 2020
Created by: Rebel Powell

Modern attack techniques frequently target valuable information stored on enterprise communications systems, including those hosted in cloud environments. Adversaries often look for ways to abuse tools and features in such systems to avoid introducing malicious software, which could alert defenders to their presence (Crowdstrike, 2020). While on-premise detection strategies have evolved to address this threat, cloud-based detection has not yet matched the adoption pace of cloud-based services (MITRE, 2020). This research examines how adversaries can perform feature attacks on organizations that use Microsoft Office 365's Exchange Online by exploring recent advanced persistent threat tactics in Exchange on-premise environments and applying variations of them to Exchange Online's Compliance and Discovery features. It also analyzes detection strategies and mitigations that businesses can apply to their systems to prevent such attacks.
