Businesses today have never been more conscious of the threat of cyberattack, fuelled by an explosion in malware and ransomware attacks. Faced with more sophisticated cybersecurity protection, criminals are instead turning to low-cost attack methods with potentially high returns, such as phishing.
Phishing is where a criminal poses as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information (PII), banking and credit card details, or passwords.
The method is now so common, Microsoft Office 365 Advanced Threat Protection (ATP) reports phishing was the number one threat for Office 365 users in the second half of 2017.
Based on threat intelligence from Office 365 ATP and Exchange Online Protection, the Microsoft Office 365 security research team detected around 180-200 million phishing emails every month.
The research team saw about 30 percent of domain spoof attacks based on Office 365 deployments.
More than 75 percent of phishing mails include malicious URLs to phishing sites. Other variations include malicious phishing attachments and links in attachments.
Phishing mails impersonate popular brands, including Microsoft associated brands such as Office 365.
Although user impersonation and domain impersonation techniques were low in volume, they were high-severity attacks.
Internal Safe Links
The good news is that Microsoft has added to its already extensive anti-phish stack in Office 365.
In addition to recently introduced anti-impersonation and anti-spoofing capabilities which help stop sophisticated spear phishing and email spoofing campaigns, Microsoft has now announced the roll out of ‘Internal Safe Links’ for Office 365 ATP.
Internal Safe Links protects your customers from attacks when hackers gain access to an internal enterprise account and use it to launch a phishing campaign on internal users. This is one of the more successful ways in which criminals access a company’s systems, as users are far more likely to click on links in an email sent from a fellow employee in their organisation than from an external source.
Phishing with compromised internal accounts can be used by hackers to move laterally across your customer’s organisation and gain a stronger foothold into the enterprise. They can penetrate deeper into the organisation, harvesting more user credentials, PII, and even intellectual property.
With Safe Links protecting internal emails, Office 365 ATP helps greatly reduce, and even eliminate, this phishing technique.
In addition, Office 365 ATP is the only threat protection service that can provide internal email scanning without routing emails outside the compliance boundary of Office 365. This provides Office 365 ATP customers with a critical advantage since their emails will always remain within the Office 365 Compliance Boundary, which is especially important when you talk to your customers about the upcoming General Data Protection Regulation (GDPR), where compliance requirements are will be scrutinised.
Other solutions offering intra-org email link scanning must route emails outside the Office 365 Compliance Boundary. This approach creates a gap in maintaining the compliance standards guaranteed by Office 365. It also adds unnecessary complexity to email routing since they must leave the Office 365 boundary to scan links for internal emails, affecting enterprise mail flow, and potentially causing email delivery delays, incorrect setup of mail flow, and even undelivered email.
“As the level of cybercrime has significantly increased in recent years, Microsoft and Vuzion have together invested in helping to secure our customers against a growing range of threats and types of attack. These latest additions to Office 365 ATP help ensure partners’ end customers are protected from even more phishing attack variants delivered in one, advanced Microsoft solution,” said Michael Frisby, Managing Director of Vuzion.