Microsoft Office 365 has become the most widely used e-mail service in the market. Being the most popular and most used, it is also the most abused by hackers for stealing private data and enterprise information via phishing attacks. Based on a recent study conducted by ESG on behalf of Cisco, more than 80 percent of respondents reported that their organization is using SaaS email services. However, 43 percent of respondents still found that, after the move, they required secondary security technologies in order to shore up their email defenses.
Attackers are crafting and launching phishing campaigns targeting Office 365 users, wrote Ben Nahorney, a Threat Intelligence Analyst at Cisco.
Recently, cloud security firm Avanan wrote in its annual phishing report that one in every 99 emails is a phishing attack, using malicious links and attachments as the main vector. “Of the phishing attacks we analyzed, 25 percent bypassed Office 365 security, a number that is likely to increase as attackers design new obfuscation methods that take advantage of zero-day vulnerabilities on the platform,” Avanan wrote.
“At first glance, this may not seem very different than external email-based attacks. However, there is one critical difference: The malicious emails sent are now coming from legitimate accounts. For the recipient, it’s often even someone that they know, eliciting trust in a way that would not necessarily be afforded to an unknown source. To make things more complicated, attackers often leverage “conversation hijacking,” where they deliver their payload by replying to an email that’s already located in the compromised inbox.” Nahorney stated.
The attack chain:
The chain of events usually plays out like this:
- Attacker sends a phishing email that appears to come from Microsoft or another trusted source.
- User clicks on link in the email, which brings them to a page mimicking the Office 365 login page.
- User enters login credentials, which are scooped up by the attackers.
- The fake page does nothing, says that the login is incorrect, or redirects the user to the real Office 365 login page.
Given this series of events, the user would be none the wiser that their credentials had been stolen.
Once logged in, the attacker's nefarious activities can go on unnoticed, because the attacker has what look like authorized credentials. This gives time for reconnaissance: a chance to observe and plan further attacks without being noticed.
Top Measures to avoid these attacks:
- Use multi-factor authentication to verify your user account while logging in.
- Deploy advanced anti-phishing technologies. It is essential to stay up to date with the latest anti-phishing technologies, which support detection of the newest phishing attacks in the market.
- Run regular phishing exercises. This will help to train employees by spreading awareness of the latest attacks, so that they avoid falling for the same kind of attack.
Email is the #1 threat vector! Be it ransomware, spear phishing, domain spoofing or advanced malware, Logix Cloud Email ATP safeguards you from all email-borne advanced threats with its multi-tiered filters comprising Advanced Malware Protection (AMP), BEC, Forged Email Detection & Cousin Domain Abuse.
Logix has helped over 1800 business enterprises across all business verticals, from BFSIs and government-owned PSUs to large enterprises, in devising & implementing their Logix Cloud Email Security ATP solution.