Most administrators who have the unenviable task of preventing intrusions and data breaches know full well that traditional antispam or antivirus tools are just not adequate.
Bad actors are always on the prowl, continuously launching new, more sophisticated attacks to steal user credentials or deceive users into wiring money to a criminal's account. But as these phishing attacks increase in frequency, organizations on Microsoft's Office 365 platform see the company take serious steps to keep its subscribers more secure. On the flip side, the new technologies are advanced and sophisticated, so administrators must understand how to use them and implement them properly to avoid misconfigurations.
In one statistic released during the 2018 Ignite conference, Microsoft said the email security features on Office 365 blocked more than 5 billion phishing emails that year. That number should motivate Exchange administrators to implement the email protection systems at their disposal to ward off ever-changing threats. Microsoft, Barracuda, Proofpoint and other vendors have developed sophisticated Office 365 phishing protection offerings, but there is no bulletproof measure to prevent an intrusion. IT workers need to stay up to date on the types of dangers and the types of tools that can stop them.
Bespoke threats show the lengths cybercriminals will go to for funds
The goal of a cybercriminal is to deliver a payload via email that leads to a data breach, money transfer or ransomware situation. The attacks have grown increasingly sophisticated. Bad actors will often perform reconnaissance to determine what technologies and applications exist in their target and then build a customized email designed to deceive the end user.
In one security incident I encountered, a new hire from a small company received an email requesting them to purchase $1,000 worth of Google Play gift cards for use at an upcoming event. The email appeared to come from the employee's manager and did not arouse any suspicion. The phishing attempt failed when the employee called the manager for confirmation and discovered it was a scam.
This example highlights how difficult it is to detect and protect against advanced phishing techniques. But before IT starts shopping for a suite of security products in the marketplace, admins already on either Exchange Online or the full Office 365 platform should examine the latest integrated services from Microsoft.
Microsoft pours more resources into Advanced Threat Protection
The new set of protections available as part of Office 365 Advanced Threat Protection and its enhanced antiphishing defense includes the following:
- Protections against spoofing and impersonations: Administrators get the ability to detect and block spoofing and impersonation attempts of their domains and users. The system attempts to reduce some of the commonly used phishing attempts that mimic an email sent from an executive or employee to another individual in the organization with instructions to open an attachment, visit a website or transfer funds.
- Content detonation and protection: Early iterations of this feature scanned content prior to the email going into an end user's inbox to block content that can cause harm to the user and the organization's systems. Microsoft added new features that detect text lures that encourage users to click on a link that could lead them to malicious content.
- Content evaluation across multiple platforms: Cybercriminals, not content to limit themselves to email-based attacks, have branched out to OneDrive and SharePoint. A common method is to introduce malicious files shared through those platforms with hijacked credentials. Once there, users will assume the content is safe since it is an internal resource that's part of their intranet. To help protect against that, Microsoft offers file detonation in OneDrive and SharePoint.
- Phishing vulnerability assessment: Thanks to the popularity of products like KnowBe4 that send test phishing emails and track which users took the bait, Microsoft developed its own version of an attack simulator for Office 365. Administrators can launch similar phishing attempts to identify which users will require training on how to spot these dangerous emails and avoid them. This feature is a must-have for any administrator to help increase end-user awareness.
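The spoofing and impersonation protections in the first item above can be pictured as a small classifier over message headers. This is an added example, not Microsoft's implementation or code from the article; the domain, the protected user, the sample messages and the edit-distance threshold are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed assumptions: the organization's domain and the users to protect.
ORG_DOMAIN = "contoso.example"
PROTECTED = {"dana whitfield": "dana.whitfield@contoso.example"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def dmarc_result(msg):
    """Read the dmarc= verdict; trust only the header your own gateway adds."""
    for part in msg.get("Authentication-Results", "").split(";"):
        part = part.strip()
        if part.startswith("dmarc="):
            return (part[6:].split() or ["none"])[0].lower()
    return "none"

def classify(raw):
    """Return the spoofing and impersonation findings for one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if domain == ORG_DOMAIN and dmarc_result(msg) != "pass":
        findings.append("domain-spoof")        # our domain, failed authentication
    elif domain != ORG_DOMAIN and edit_distance(domain, ORG_DOMAIN) <= 2:
        findings.append("lookalike-domain")    # one or two characters off
    expected = PROTECTED.get(" ".join(name.lower().split()))
    if expected and addr.lower() != expected:
        findings.append("user-impersonation")  # known name, unknown address
    return findings

def sample(sender, dmarc):
    """Build a constructed test message (not real mail)."""
    return (f"From: {sender}\nAuthentication-Results: mx.{ORG_DOMAIN}; "
            f"dmarc={dmarc}\nSubject: Gift cards for the event\n\nPlease buy today.")
```

The gift-card message described earlier is the display-name case: the sender's name matches a protected user while the address does not, and a passing DMARC result for the attacker's own domain does nothing to stop it.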
Despite the advanced capabilities available with the Office 365 suite and some of its security add-ons, administrators need to understand the implications of setting up filters and policies, which could inadvertently block sensitive content that is meant to be shared internally, such as medical records, Social Security numbers or banking details.