Security News > 2020 > October > Attackers finding new ways to exploit and bypass Office 365 defenses
Over the six-month period from March to August 2020, over 925,000 malicious emails managed to bypass Office 365 defenses and well-known secure email gateways, an Area 1 Security study reveals.
Attackers increasingly use highly sophisticated, targeted campaigns like business email compromise to evade traditional email defenses, which are based on already-known threats.
Attackers also often use Microsoft's own tools and branding to bypass legacy defenses and email authentication.
As noted in the Gartner 2020 Market Guide for Email Security, "As organizations move to cloud email, it's easier for attackers to target users with phishing attacks posing as log-in screens in order to harvest credentials. They then use those credentials to launch further account-takeover-based attacks that can include other collaboration tools. Organizations need to ensure that both internal and external email is secured as well as collaboration tools that are being used."
Recommendations for effectively defending against cloud email threats Zero-trust email: Adhere to a zero-trust-email approach, which should serve as a baseline for an email security strategy.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/38oe5G2__mY/
Related news
- 65% of office workers bypass cybersecurity to boost productivity (source)
- Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses (source)
- PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files (source)
- Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS (source)
- Microsoft fixes bug behind random Office 365 deactivation errors (source)