Threat intelligence teams know that cyberattacks are most frequently conducted via email, and they know many simple attacks can be successful with the right blend of human error and obfuscated malware in compressed file formats.
On top of this industry fact, Mimecast researchers uncovered data from October 17-23 showing that the most frequently used and fastest-growing attack method (excluding spam) was impersonation. Analysis suggests this is likely taking place because of the overall improvement in email security solutions’ ability to detect and stop these attacks, causing some threat actors to change tactics toward more persuasive impersonation attack methods in an attempt to successfully exploit their targets.
“Malware threats are evolving as we speak,” said Carl Wearn, head of e-crime at Mimecast. “Increasingly URLs redirect victims to malicious sites, or URLs download malware from a remote site in attempts to evade detection.”
As an extension of this evolution, Wearn said, attackers are now inserting deceptive file type extensions into the email title field, such as "receipt.pdf" when, in fact, a .DOC is attached.
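A check for the mismatch Wearn describes, as an added example that is not Mimecast's code: it compares file extensions named in the subject line with each attachment's name and magic bytes. The extension list, function names and sample message are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# File families recognised by leading magic bytes (short list chosen for this example).
MAGIC = [(b"%PDF", "pdf"), (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),
         (b"PK\x03\x04", "zip"), (b"{\\rtf", "rtf")]
# Family each extension should contain: legacy Office is OLE2, OOXML is a ZIP container.
FAMILY = {"pdf": "pdf", "doc": "ole", "xls": "ole", "ppt": "ole",
          "docx": "zip", "xlsx": "zip", "zip": "zip", "rtf": "rtf"}
EXT_RE = re.compile(r"\.([a-z0-9]{2,5})\b", re.I)


def sniff(data):
    """Return the file family indicated by the content's magic bytes, or None."""
    return next((fam for magic, fam in MAGIC if data.startswith(magic)), None)


def find_mismatches(raw):
    """List the ways a message's subject, attachment names and content disagree."""
    msg = message_from_bytes(raw, policy=policy.default)
    claimed = {e.lower() for e in EXT_RE.findall(msg["Subject"] or "")} & FAMILY.keys()
    findings, families = [], set()
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        actual = sniff(part.get_payload(decode=True) or b"")
        families.add(actual or FAMILY.get(ext))
        if actual and ext in FAMILY and FAMILY[ext] != actual:
            findings.append(f"{name}: named .{ext} but content is {actual}")
    for ext in sorted(claimed):
        if families and FAMILY[ext] not in families:
            findings.append(f"subject names .{ext} but no attachment of that type")
    return findings


def build_sample(subject, filename, data):
    """Constructed test message; not taken from any real campaign."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "billing@example.com", "user@example.org", subject
    m.set_content("See attached.")
    m.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()


OLE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16   # constructed OLE2 header stub
print(find_mismatches(build_sample("Your receipt.pdf", "receipt.doc", OLE)))
```

A finding here is a triage signal for a mail filter or analyst queue, since legitimate senders also mention file names in subjects.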
Corroborating these detections is a recent discovery by Heimdal Security, which found “evidence of a new Microsoft phishing campaign which is targeting Office365 users in particular, but general computer users with a Microsoft account as well.”
The phishing pages appear to be from OneDrive or another official Microsoft page, asking the user to open the work-related attachment, such as a report or invoice. However, researchers at Heimdal report that this particular campaign has a more dangerous and targeted twist: it relies on compromised LinkedIn accounts to spread the message.
Enhancing Office 365’s Cyber Resilience
Threat reports and new vulnerability discoveries are a critical piece for threat intelligence teams, as they help to provide awareness of attack campaigns and their evolution. As they gain this awareness, companies can build cyber resilience into Office 365 in the following ways:
- Protect against phishing. Email is the number one cyber attack vector, meaning companies of all sizes need additional security protection beyond what’s included in the predictable costs and simplicity that Office 365 offers. Without additional defenses, businesses remain vulnerable because of exploits aimed at their end users.
- Get true backups. Attacks happen, and as they become more sophisticated the chance of human error increases, opening the door for attackers. When attacks do happen, companies with backups can retain access to email and business records during an attack to be able to recover immediately afterward. An example of this in action recently was in the now infamous Baltimore cyber attack earlier this year. According to DarkReading’s Jai Vijayan, “The government of Baltimore reportedly lost a lot of key data in ransomware attacks earlier this year because it did not have basic policies for backing up employee systems.” Because the attack resulted in millions of dollars in damages and shut down vital city services, the Baltimore cyber attack may be an extreme example, but the costs associated with data loss, productivity, and revenue can be just as severe for major enterprises. In addition, Mimecast Sales Engineer Mikey Molfessis notes, “the volume of users on cloud-based email services such as Office 365 means there is more malware created for these environments. Criminals know they have only one lock to pick to gain access, so they focus their attention on these email cloud services because of the potentially large payoff.”
- Improve admin efficiency. According to Osterman Research’s Ten Questions to Ask About Your 365 Deployment, Microsoft Security and Compliance provides administrators with only a piecemeal view of the threats their organizations face across various threat vectors. This puts the onus on administrators to manually correlate issues to gain a full-picture view of the environment’s threats. By adding advanced email security protection to Office 365, administrators can improve efficiency with one single interface for security, continuity and archives.
- Ease the transition to Office 365. Hybrid environments are the way forward for many organizations, particularly at the large enterprise level; these companies use combinations of both cloud-based and on-premises email management systems. However, for companies whose goal is to move completely to the cloud, the transition can be time-intensive. As a result, the ability to secure multi-platform, multi-vendor email environments is essential.
- Get redundancy during email platform outages. Office 365 is known for its global, long-term, continuity; however, disruptions at the local level can happen. According to the Osterman Research report, “Even short outages can have serious consequences. For example, users who cannot send email using their corporate Office 365 account will often revert to their personal email account to conduct business, thereby bypassing corporate security and increasing the likelihood that dangerous content – such as phishing attempts that contain malicious links or attachments – will reach end users. In addition, business records in email will not be captured by the enterprise archiving or backup systems. The use of a secondary, backup solution that will maintain the continuity of email processing is an important addition that will help organizations remain both secure and compliant during an Office 365 outage.”
Email is at the intersection of a high amount of risk. That risk will only rise as attackers learn to better evade detection systems. Given that Office 365 has 162 million users as of January 2019, and email is Office 365's most intensively used service, the time for enhanced cyber resilience within Office 365 is now.