How can Office 365 phishing threats be addressed?

With the rapid expansion of Office 365, more and more threats can emerge within its infrastructure, particularly via email. This is due in part to the size of the platform and the ease of compromising Office 365 accounts, and it comes to the detriment of the same broad audience among which Office 365 has seen such massive adoption.

Office 365 email security is now a common concern among organizations small and large alike for exactly this reason. Some vendors have estimated that up to 35% of organizations are either using or have actively solicited third-party Office 365 email security, while a 2017 Osterman Research report stated that 41% of Office 365 organizations are unsure of what to do when it comes to supplementing their Office 365 security stack – particularly because the one-stop-shopping aspect of Microsoft’s security offerings fails to surface many of the email threats currently inherent to Office 365.

The primary threat to consider in this case is the frequency of phishing attacks within Office 365. While no global statistics are available from Microsoft, the frequency of phishing within Office 365 is estimated to cost the average organization 1.3 compromised accounts each month via unauthorized, third-party login using stolen credentials. While this adds up to nearly 16 compromised accounts per year per organization, the risks they pose are much higher.

For instance, Vircom’s threat intelligence indicates that the majority of accounts compromised within Office 365 fall victim to previously compromised Office 365 accounts. While it’s unlikely that we can ever determine an Office 365 “patient zero”, it’s clear that the ability of the threat to spread is the problem. This could have massive implications for Office 365’s 120 million commercial customers and its 1-billion-plus users, primarily because as more of those users are compromised, the risk of compromise also increases for every other user and organization.

Phishing within Office 365 isn’t yet a massive problem for most organizations, but with cyber criminals increasingly relying on advanced phishing techniques, it may become one. For example, would you enter a crowded theatre knowing that 1.3 of the theatre-goers were carrying a brutal virus you had little immunity against? With the general rate of email fraud and threats growing almost like a disease, one form that is causing particular harm within Office 365’s infrastructure is bound to affect any organization that subscribes to the platform.

This is one example of phishing messages commonly received by Office 365 users, delivered via a compromised account imitating Office 365’s automated password confirmation emails in order to compromise credentials.

Another example of Office 365 phishing – this one executed via a compromised account imitating a Microsoft OneDrive notification that is actually carrying ransomware masquerading as a PDF.

From outside appearances alone, it can be hard to imagine why messages are passing between Office 365 tenants unfiltered. Is Microsoft’s security team simply missing the mark or busy addressing larger, unseen issues? Is Office 365 simply too large to remain a safe ecosystem out-of-the-box for most of its commercial customers? Is Microsoft whitelisting all Office 365 tenants, meaning that phishing messages from compromised accounts are never even subject to the scrutiny of a filter? Google doesn’t seem to have the same issues with G Suite filtering, so why is Microsoft in such dire straits?

The prevalence of Office 365 phishing and the frequency of account compromise mean that every time an account is compromised within Office 365, each user and organization faces incrementally more risk. The potential for a runaway buildup of compromised accounts upon compromised accounts poses an exponentially greater risk of infecting organizations within the Office 365 infrastructure, except of course for those that choose to use a 3rd party email security solution at their email gateway.

Cloud email security can be crucial to protecting your investment in Office 365. Effective 3rd party filtering can limit the ability of phishing and compromised accounts within Office 365’s infrastructure to create costs for your organization. Whether the threat is fraudulent transactions, compromised accounts, or the infiltration of your networks with malware and ransomware, given the current state of Office 365, 3rd party email security is likely the most effective means to limit security risks.