Microsoft 365 is the world's most popular productivity suite with more than 345 million users. Yet its popularity has caught the attention of cybercriminals. The company is the most impersonated corporate brand in phishing attacks. Microsoft has also drawn continued criticism from the US government for inadequate cybersecurity and failing to meet basic security standards. The value it provides to users—ease of use, convenience, and efficiency—has opened door for new vulnerabilities in an organization’s attack surface. Businesses now find themselves in need of enhanced Microsoft cybersecurity, especially for email.
In this article, we examine two important ways cybercriminals are targeting Microsoft 365, and the four email security solutions you need to protect your business and clients.
In 2022, Vade detected more than 22,500 unique phishing webpages impersonating Microsoft. The staggering total made Microsoft the most impersonated corporate brand—and #2 organization overall—in phishing attacks in 2022. Cybercriminals often send dozens, and sometimes hundreds or thousands of phishing emails containing the same unique phishing link, while a single domain can host thousands of phishing URLs.
If we look under the surface of this astonishing total, we find two important trends in how hackers are attempting to exploit Microsoft 365 and compromise more intended victims.
Productivity suites such as Microsoft 365 have changed how people use email. Today, individuals can now use an email message to directly open a document for editing, join an instant messaging feed, access large attachments, and more. As a result, many users treat email as the gateway to performing a variety of daily tasks.
And hackers appear to have taken notice. Vade continues to uncover phishing campaigns attempting to impersonate the integrations between Microsoft 365 applications. These campaigns often trick users into clicking malicious links that appear to be digital content embedded within the productivity suite, such as shared files or instant messaging feeds.
Phishing page impersonating OneDrive
Integration is an important value proposition of Microsoft 365. It's also a benefit that hackers are exploiting to create an appearance of legitimacy while evading detection by traditional email security tools.
Phishing email exploiting Microsoft 365 integrations
In Q4 2022, Vade detected a phishing campaign that exploits Microsoft tools to disguise malicious webpages. The scheme sends a phishing email to users that contains a link to a productivity application.
Intermediary page used in phishing attack
Once users click on the link, it directs them to an intermediary webpage that displays nothing more than a phishing link, which points to a destination phishing webpage. The final webpage contains fields for harvesting user credentials and gaining access to Microsoft 365.
Destination phishing page
The attack is designed to trick email filters into scanning the intermediary page and marking the email as safe, without ever reaching the final phishing page. Without advanced email security, this phishing campaign can go undetected.
When a hacker compromises a Microsoft 365 account, the cybercriminal gains a foothold in your network to launch more targeted phishing campaigns and spear-phishing attacks.
This increases the need for solutions that not only safeguard email as the top attack vulnerability for network breaches but provides protections against the internal threats that may be transiting your networks.
Microsoft cybersecurity requires a comprehensive suite of advanced email security solutions designed to protect against the most dynamic zero-day threats. Here are four email security solutions you need for effective protection.
AI is seizing headlines for its strengths, weaknesses, and notable potential. Despite extensive media coverage, AI is often misunderstood. As a complex field and science, it isn't a silver bullet. In other words, AI solutions don't possess the same capabilities or provide equal value. They depend on several factors to work effectively and efficiently, including:
For example, Computer Vision provides protection against image-based threats, such QR codes designed to disguise malicious links or distorted logos that have been altered to bypass detection. Natural Language Processing models detect the subtle grammatical construction, words, and phrasing that characterize spear-phishing attacks. Together, these models protect against all kinds of email-borne threats.
In cybersecurity, security incidents are inevitable. No solution can block 100% of cyberthreats, highlighting the need for capabilities that allow you to respond to incidents when they occur. Effective incident response solutions combine three important elements.
This remediation relies on the AI filter engine to neutralize threats based on new intelligence. To work, the AI engine must provide native protection and sit within your internal environment, rather than external to your perimeter.
Your incident response depends largely on your threat intelligence and investigation activities. That's why you need solutions that support and enhance your ability to gather new intel, examine reported threats, and help you coordinate your evidence gathering.
Threat intelligence and investigation depends on three tools:
Because email is the top attack vector and the number one source of threat intelligence, you need solutions that integrate your email logs into any Security Information and Event Management (SIEM), Security Orchestration and Automated Response (SOAR), or Extended Detection and Response (XDR) system. This enables you to improve your intelligence gathering and response capabilities.
The number one cause of data breaches is human error. Considering that human interaction with cyberattacks occurs mostly through email, it's no surprise that phishing awareness training is one of the most important solutions you can implement.
But like AI solutions, security awareness training programs don't provide the same value. Their effectiveness depends on three factors.
Microsoft 365 empowers your teams with new capabilities for communication and collaboration. Yet it also exposes you to risks that present lasting consequences for your business.
As the most targeted business application in the world, the question isn't if but when you'll encounter the next cyberthreat targeting Microsoft 365. That's why you should adopt the Microsoft cybersecurity solutions that can provide advanced and ongoing protection.
Vade for M365 is a collaborative email security solution for Microsoft 365 that combines AI and human expertise to catch the dynamic threats that Microsoft misses.