Threat intelligence teams know that cyberattacks are most frequently conducted via email, and they know many simple attacks can be successful with the right blend of human error and obfuscated malware in compressed file formats.


In addition, Mimecast researchers found in data from October 17-23 that impersonation was the most frequently used attack method (excluding spam), and that its use was increasing. Analysis suggests this is likely because of the overall improvement in email security solutions’ ability to detect and stop these attacks, which has led some threat actors to change tactics towards impersonation attacks in an attempt to successfully exploit their targets.

Industry-wide, impersonation attacks are becoming more persuasive than coercive.

“Malware threats are evolving as we speak; increasingly URLs redirect victims to malicious sites, or URLs download malware from a remote site in attempts to evade detection,” said Carl Wearn, head of e-crime at Mimecast. “As an extension of this evolution, attackers are now putting deceptive file type extensions into the email title field e.g. email titled as receipt.pdf but in fact with a .DOC attached.”
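The subject-versus-attachment mismatch described in the quote above can be checked mechanically at the mail gateway or during triage. The following Python sketch is an added example, not Mimecast's detection logic; the extension list, function names and sample addresses are assumptions, and the sample messages are constructed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions treated as "a file name" when seen in a subject (assumed list; tune locally).
KNOWN_EXTS = {"pdf", "doc", "docx", "docm", "xls", "xlsx", "xlsm",
              "zip", "rar", "7z", "iso", "js", "exe", "htm", "html", "txt"}
FILE_TOKEN = re.compile(r"[\w\-]+\.([A-Za-z0-9]{2,5})\b")

def ext_of(filename):
    """Final extension, lower-cased, so 'receipt.pdf.doc' yields 'doc'."""
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""

def subject_exts(subject):
    """File extensions that the subject line claims, e.g. {'pdf'} for 'receipt.pdf'."""
    return {m.group(1).lower() for m in FILE_TOKEN.finditer(subject)} & KNOWN_EXTS

def extension_mismatches(raw_bytes):
    """List (attachment name, actual ext, claimed exts) for every attachment
    whose real extension is not one the subject line advertises."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    claimed = subject_exts(str(msg["Subject"] or ""))
    if not claimed:
        return []  # subject names no file, nothing to compare against
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if name and ext_of(name) not in claimed:
            findings.append((name, ext_of(name), sorted(claimed)))
    return findings

def sample_message(subject, filename):
    """Constructed sample e-mail with one attachment (placeholder bytes)."""
    m = EmailMessage()
    m["From"] = "billing@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = subject
    m.set_content("Please see the attached receipt.")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, fname in [("receipt.pdf", "receipt.DOC"),
                        ("Your receipt.pdf", "receipt.pdf"),
                        ("invoice.pdf", "invoice.pdf.doc")]:
        print(subj, "|", fname, "->", extension_mismatches(sample_message(subj, fname)))
```

A hit is a triage signal rather than a verdict: legitimate mail can mention one file in the subject and attach another, so the result is best combined with sender and content checks.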

Corroborating this detection data is a recent discovery by Heimdal Security, which found “evidence of a new Microsoft Phishing Campaign which is targeting Office365 users in particular, but general computer users with a Microsoft account as well.” The phishing pages appear to be from OneDrive or another official Microsoft page, asking the user to open the work-related attachment, such as a report or invoice. However, researchers at Heimdal report that this particular campaign has a more dangerous and targeted twist: it relies on compromised LinkedIn accounts to spread the message.

Enhancing Office 365’s Cyber Resilience

Threat reports and new vulnerability discoveries are a critical part of the work of threat intelligence units: they provide awareness of how campaigns are evolving so that defenses can be shored up accordingly. One of the more evergreen ways to do this is to build cyber resilience into Office 365, in the following ways:

  1. Protect against phishing. Email is the number one cyberattack vector, meaning companies of all sizes need additional security protection beyond what’s included in the predictable costs and simplicity that Office 365 offers. Without additional defenses, businesses leave countless opportunities for exploits to succeed.
  2. Get true backups. Attacks happen, and as they become more sophisticated the chance of human error increases, giving attackers an opening. When attacks do happen, retain access to email and business records during the attack so that you can recover immediately afterward. A recent example of this in action was the well-known Baltimore cyber attack. According to DarkReading’s Jai Vijayan, “The government of Baltimore reportedly lost a lot of key data in ransomware attacks earlier this year because it did not have basic policies for backing up employee systems.” The Baltimore cyber attack may be seen as an extreme example, but the costs associated with data loss, productivity, and revenue can be in line with major enterprises in a similar situation. In addition, Mikey Molfessis of Mimecast in South Africa notes, “The volume of users on cloud-based email services such as Office 365 means there is more malware created for these environments. Criminals know they have only one lock to pick to gain access, so they focus their attention on these email cloud services because of the potentially large payoff.”
  3. Improve admin efficiency. According to Osterman Research’s Ten Questions to Ask About Your 365 Deployment, administrators receive only a piecemeal view of the threats that face their organization across various threat vectors from Microsoft Security & Compliance. This puts the onus on administrators to manually correlate issues to gain a full-picture view of the environment’s threats. Instead of this time-consuming task, with Mimecast cyber resilience capabilities baked into Office 365, administrators can improve efficiency with a single interface for security, continuity and archives.
  4. Ease the transition to Office 365. Hybrid environments are the way forward for many organizations, particularly at the large enterprise level; these companies use combinations of both cloud-based and on-premises email management systems. However, even for companies whose goal is to completely transition to the cloud, the transition can be time-intensive. As a result, the ability to secure multi-platform, multi-vendor email environments is essential.
  5. Get redundancy during email platform outages. Office 365 is known for its global, long-term continuity; however, disruptions at the local level can happen. According to the Osterman Research report, “Even short outages can have serious consequences. For example, users who cannot send email using their corporate Office 365 account will often revert to their personal email account to conduct business, thereby bypassing corporate security and increasing the likelihood that dangerous content – such as phishing attempts that contain malicious links or attachments – will reach end users. In addition, business records in email will not be captured by the enterprise archiving or backup systems. The use of a secondary, backup solution that will maintain the continuity of email processing is an important addition that will help organizations remain both secure and compliant during an Office 365 outage.” Get peace of mind by ensuring email environments are fully mirrored in the Mimecast cloud.

Email sits at the intersection of a great deal of risk, and that risk will only rise as attackers learn to better evade detection systems. Given that Office 365 is the single most successful cloud-based business service in the world, with 162 million users as of January 2019, and that email is the service within Office 365 that most organizations use immediately and most intensively, the time for enhanced cyber resilience within Office 365 is now.

