Proofpoint Cloud Account Defense detects compromised Microsoft Office 365 accounts

Proofpoint announced the availability of Proofpoint Cloud Account Defense (CAD) to detect and protect Microsoft Office 365 accounts, preventing attackers from causing financial and data loss.

Cybercriminals have a way to compromise corporate email systems: they use brute force attacks to steal the Microsoft Office 365 login credentials of corporate users, then log in to the system as an imposter.

These hacking techniques work even if the company has deployed single sign-on or multi-factor authentication (MFA) as part of its security system. Once logged in and masquerading as a real employee, the hacker has a spectrum of choices for causing financial harm and data loss while operating within the corporation’s email instance.

The Proofpoint CAD solution helps organizations detect, investigate, and remediate Microsoft Office 365 compromises.

CAD provides the user-centric visibility necessary to detect and investigate compromised accounts and to thwart email account compromise (EAC) credential theft tactics, including credential reuse, brute force attacks, and credential-stealing malware.

EAC tactics, combined with business email compromise (BEC) social engineering, are hallmarks of groups like the 70+ cybercriminals arrested during the recent Operation Wire Wire federal effort that recovered approximately $14 million in lost funds.

“It only takes one compromised Microsoft Office 365 account to unlock access to a virtual goldmine of confidential data and access—and we have seen a major increase in organizations losing both money and data to these attacks,” said Ryan Kalember, senior vice president of Cybersecurity Strategy for Proofpoint.

“Once an attacker compromises a trusted account, they can read a user’s email, look at their calendar, and launch internal phishing email attempts from a trusted account. We’ve even seen these attackers go after targets with multifactor authentication by exploiting interfaces that do not support strong authentication in most deployments, such as Exchange Web Services and ActiveSync. Fortunately, CAD can detect these attacks by utilizing our extensive intelligence, stopping them before they can cause damage.”

Operating across the entire Microsoft Office 365 application suite, including email, SharePoint Online, and OneDrive, the CAD solution protects users, data, and financial assets on any network or device.

CAD empowers organizations to take a proactive approach when addressing risks associated with Office 365 that often evade other security detection methods. This is critical due to Microsoft Office 365’s wide array of integrated third-party applications.

With CAD, security teams can:

  • Detect compromised accounts: CAD studies the attacker’s footprint by combining contextual data like user location, device, and login time, with Proofpoint’s threat intelligence to establish safe baseline behaviors, detect compromised accounts, and flag suspicious behavior.
  • Investigate incidents with granular forensics: Organizations can investigate past activity and alerts through CAD’s intuitive dashboard using granular transaction forensic data such as user, date, time, IP, device, browser, location, threat, threat score, and more.
  • Defend Office 365 accounts with flexible policies: With insights from CAD’s detailed forensics, users can prioritize alerts based on severity to prevent alert fatigue while building flexible policies based on multiple parameters such as user, location, network, device, and suspicious activity.
  • Deploy quickly in the cloud: Proofpoint’s cloud architecture and integration with Microsoft Office 365 APIs enable organizations to quickly deploy and derive value from CAD.