Hackers Have It Out for Microsoft Email Defenses

Increasingly, cyberattackers are laser-focused on crafting attacks that are specialized to bypass Microsoft's default security, researchers say — which is going to require a shift in defense posture for organizations going forward.

"Many hackers think of email and Microsoft 365 as their initial points of compromise, [so they] will test and verify that they are able to bypass Microsoft’s default security," according to a new report from Avanan that flags an uptick in its customer telemetry of malicious emails landing in Microsoft-protected email boxes. "This does not mean that Microsoft's security got worse. It means that the hackers got better, faster, and learned more methods to obfuscate and bypass the default security."

Some of the eye-catching numbers in the report, gleaned from analyzing 3 million corporate emails in the past year, include:

About 19% of phishing emails observed by Avanan bypassed Microsoft Exchange Online Protection (EOP) and Defender.
Since 2020, Defender's missed phishing rates among Avanan's customers have increased by 74%.
On average, Defender sends only 7% of phishing messages received by Avanan customers to the Junk folder.
In good news: Microsoft flagged and blocked 93% of business email compromise attempts.
Microsoft catches 90% of emails booby-trapped with malware-laden attachments.

Again, the numbers speak to the evolution of phishing and the fact that attackers are increasingly using tactics like leveraging legitimate services to avoid including obviously malicious links in emails, using masking techniques like vanity URLs, and avoiding attachments altogether.

To defend themselves against these custom-built attacks, organizations can go to basic defense-in-depth approaches with four main prongs, according to Roger Grimes, data-driven defense evangelist at KnowBe4.

Those prongs include: A better focus on preventing social engineering, using a best defense-in-depth combination of policies, technical defenses, and education; patch software and firmware, especially any that are listed on CISA's Known Exploited Vulnerability Catalog; use phishing-resistant multifactor authentication (MFA); and using different, secure, passwords for every site and service where MFA cannot be used.

"There are no other defenses, besides these four, that would have the most impact on decreasing cybersecurity risk," Grimes says. "It is the world's lack of focus on these four defenses that has made hackers and malware so successful for so long."

Source: DarkReading

Sidebar

About The CISSP Certification

Certified Ethical Hacker Certification

Certified in Risk and Information Systems Control

Certified Information Security Manager Certification

Certified Information Systems Auditor Certification

CISSP Certification FAQs

Computer Hacking Forensic Investigator Certification

Free CISSP Practice exams

ISACA Code of Professional Ethics

Dual Ransomware Variants Impacting the Same Victims and Data Destruction Trends

Amplifying Automation with AI & Strong Security Measures

CommonSpirit Health cyberattack, month-long network outage cost $150M

‘Jackpot’: Hacker Snags TSA No-Fly List

Samsung Galaxy Store Flaws Can Lead to Unwanted App Installations, Code Execution

APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector

BitKeep Confirms Cyber Attack, Loses Over $9 Million in Digital Currencies

FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

Report: Air-Gapped Networks Vulnerable to DNS Attacks

More

Certifications

Latest News

Share This

More

Follow us