A decade after Office 365’s launch, attackers find new ways to exploit and bypass cloud suite defenses
Area 1 Security, the first and only preemptive cloud email security provider, published the results of “1 Million Ways Attackers Breach Office 365 Email,” a new study analyzing nearly 1.5 billion messages sent to customers that use Microsoft as their email provider. Over the six-month period from March to August 2020, Area 1 found that over 925,000 malicious emails bypassed Office 365 and well-known secure email gateways (SEGs).
In one example where a customer layered Office 365 with an SEG, more than 300,000 malicious messages were still missed.Tweet this
As detailed in the report, attackers increasingly use highly sophisticated, targeted campaigns like Business Email Compromise to evade traditional email defenses, which are based on already-known threats. Attackers also often use Microsoft’s own tools and branding to bypass legacy defenses and email authentication (DMARC, SPF, DKIM).
Other key findings include:
- In one example where a customer layered Office 365 with an SEG, more than 300,000 malicious messages were still missed;
- There was a steady increase in targeted Business Email Compromise (BEC) attacks — including Type 3 (account takeover-based) BECs and Type 4 BEC (supply chain phishing), which would have amounted to several billion dollars in potential losses; and
- Spoofed senders and newly registered domains (NRDs) accounted for 71.7 percent of the missed email threats;
- The summer months saw a sharp increase in phishing, as attackers took advantage of coronavirus-related misinformation and remote workforce transitions.
Since Microsoft unveiled its cloud-based Office 365 platform in October 2010, its user base has continued to grow, now surpassing 258 million paid Office 365 business seats. While Microsoft continues to make Office 365 security improvements and can even exceed the best anti-spam and antivirus providers, cyber threat actors have evolved accordingly. For example, Area 1 has intercepted a number of credential harvesting phish exploiting cloud tools like Microsoft SharePoint and Microsoft Planner.
As noted in the Gartner 2020 Market Guide for Email Security1 (ID: G00722358), “As organizations move to cloud email, it’s easier for attackers to target users with phishing attacks posing as log-in screens in order to harvest credentials. They then use those credentials to launch further account-takeover-based attacks that can include other collaboration tools. Organizations need to ensure that both internal and external email is secured as well as collaboration tools that are being used.”
“Millions of organizations have achieved immeasurable productivity and efficiency thanks to the cloud. However, it’s evident that attackers have also adopted cloud suites to launch productive, efficient phishing campaigns,” said Patrick Sweeney, CEO and president of Area 1 Security. “It’s critical to proactively stay ahead of evolving cyberattacks with techniques that identify phishing threats as they’re being built — before they’ve been launched.”
Area 1 Security, a Representative Vendor for Integrated Email Security Solutions, is a leader in migrating customers from traditional SEGs to cloud-native email security — an estimated $10B total addressable market. On average, its solution prevents 30 percent more phishing attacks than traditional email defenses, and its customers typically spend 90 percent less time on phishing incident response and remediation. Area 1 is on pace to stop nearly $1B in active BEC fraud in 2020 alone.
Area 1 Security’s recommendations for effectively defending against cloud email threats include:
- Zero-Trust Email: Adhere to a Zero-Trust-Email approach, which should serve as a baseline for an email security strategy. All email, especially ongoing interactions with external partners and suppliers, should be considered areas of compromise.
- Comprehensive email security techniques: These should include AI and Machine Learning (ML) models, computer vision, Natural Language Understanding (NLU) and intent analysis, among other advances.
- Creating an automated social/partner graph for your organization: Identify your partner organizations and perform universal message classification to understand the natural interactions the organization has with the rest of the world.
- Combining preemptive threat data, message sentiment analysis and conversational context analysis: This provides a high level of accuracy into the malicious detections, especially in cases where a partner has been compromised and becomes the source of targeted phishing attacks.
To learn more, download the “Phishing with the Cloud: 1 Million Ways Attackers Breach Office 365” report here.
1Gartner, “Market Guide for Email Security,” Mark Harris, Peter Firstbrook, Ravisha Chugh, 8 September 2020.
Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.