Based on the millions of attacks stopped and analyzed by Agari, Microsoft itself rises to the top when it comes to impersonation in identity deception-based email attacks. Today, 44% of brand deception attacks display the name of a Microsoft service as a way to deceive victims.
Whether it’s a malicious email disguised as a Microsoft Office 365 password update, or an invitation to edit a OneDrive document linking to a spear-phishing page, the Microsoft ecosystem can be a key enabler for attacks on any organization. And as more businesses transition to the cloud, it also makes for a target-rich environment.
Inherent Threats in Cloud-Based Email
Display name deception is exceptionally easy within cloud-based environments, and building target lists is simplified since organizations are all within a searchable directory. When criminals succeed at infiltrating an O365-based email account, they gain a powerful launching pad for new attacks.
By leveraging a ubiquitous and trusted infrastructure, cyber thieves can continuously test attack methodologies until they’re able to successfully circumvent security controls. And since users are frequently prompted to log in to connected services such as SharePoint, OneDrive, and Azure, phishing attacks aimed at harvesting credentials to these services can go unnoticed.
Once access is gained to a compromised account owner’s contacts and archived messages, hackers are free to launch executive impersonation scams, request fraudulent wire transfers, steal valuable IP, and redirect employee paychecks, amongst other crimes. By taking it one step further, fraudsters are also able to wage fresh identity deception-based email attacks on outside organizations, using legitimate accounts to target both internal and external victims.
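The display name deception described above (a Microsoft service name shown in the From: header while the actual sending domain belongs to the attacker) can be flagged by a simple header check. The following is an added illustration, not Agari's or Microsoft's code; the brand allowlist and the sample headers are constructed assumptions for the example.

```python
import re
from email.utils import parseaddr

# Constructed, illustrative allowlist of legitimate sending domains per brand
# (assumption for this example; a real deployment maintains its own list).
BRAND_DOMAINS = {
    "microsoft": {"microsoft.com", "microsoftonline.com", "office.com",
                  "sharepointonline.com", "onedrive.com"},
}
# Display-name keywords that signal a claim to be that brand.
BRAND_KEYWORDS = {
    "microsoft": ("microsoft", "office 365", "office365", "onedrive",
                  "sharepoint", "azure"),
}

def _domain_matches(domain, allowed):
    # Accept the domain itself or any subdomain of an allowed domain.
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_from_header(from_header):
    """Return a list of findings for one raw From: header value (empty if clean)."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparseable sender address"]
    domain = addr.rsplit("@", 1)[1].lower().strip()
    disp = display.lower()
    findings = []
    # 1. Display name claims a brand, but the sending domain is not the brand's.
    for brand, words in BRAND_KEYWORDS.items():
        if any(w in disp for w in words) and not _domain_matches(domain, BRAND_DOMAINS[brand]):
            findings.append(f"display name claims {brand}, but sender domain is {domain}")
    # 2. Display name itself looks like an address at a different domain
    #    (the classic "name@trusted.com" shown in front of attacker@other).
    m = re.search(r"[\w.+-]+@([\w.-]+\.\w+)", display)
    if m and m.group(1).lower() != domain:
        findings.append(f"display name embeds address at {m.group(1).lower()}, "
                        f"actual sender domain is {domain}")
    return findings

# Constructed sample headers (the .example TLD is reserved for documentation).
SAMPLE_HEADERS = [
    '"Microsoft Office 365" <no-reply@free-mail.example>',
    '"Microsoft Account Team" <noreply@accountprotection.microsoft.com>',
    '"it.helpdesk@microsoft.com" <attacker@bulk-sender.example>',
    '"Alice Smith" <alice@example.org>',
]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(h, "->", check_from_header(h) or "ok")
```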
For organizations that have made the transition to hosted email services, these factors should serve as ample warning about the rapidly evolving threats targeting their cloud-based email operations—as well as the need for a new paradigm for email security.
As organizations modernize their email infrastructures by transitioning to cloud email platforms, they shed layers of costly infrastructure from on-premises equipment, software, and maintenance resources.
Currently, more than half of all organizations have moved their email to the cloud with services like Microsoft Office 365 and G Suite, where much of the core functionality of legacy SEGs and APDs has been built directly into the platform.
Many capabilities of the traditional secure email gateway, such as anti-spam, anti-virus, and malware protection, are now being delivered in new cloud email platforms. This is a natural and expected evolution that is commonplace across all IT applications. It simply makes sense for new technologies to improve on their predecessors, and in the case of email, this means integrating into the base platform services that were previously bolted on.
Designed to assess incoming emails by analyzing content and infrastructure reputation, these platform-native controls are proving essential to ferreting out spam, malicious URLs and malware, certain keywords, or a high volume of attacks from a single IP.
The Capabilities Built into Cloud Email
Today, nearly all the functionality of the legacy secure email gateway has been integrated as native capabilities of platforms such as Microsoft Office 365, G Suite, and others. In a recent Gartner report, Microsoft actually scored higher than all the major SEGs for anti-malware and anti-spam features.
Mail Transfer Agent: Message routing is core to email and as organizations leverage Office 365 to manage all their mailboxes globally, they need the flexibility to define email delivery paths. Microsoft’s integrated MTA allows each organization to set up complex mail flows to ensure email delivery complies with specific regulatory or business needs.
Anti-Virus, Spam, and Graymail Filtering: For years, Microsoft trailed in anti-virus, spam, and graymail filtering efficacy. However, through ongoing research and the integration of several anti-virus and anti-spam engines focused on zero-day spam variants, URL analysis, bulk email categorization, and accelerated signature database updates, Microsoft has achieved parity with industry leaders.
Data Loss Prevention, Encryption, and Archiving: Microsoft recognized that in order to achieve full adoption of the Office 365 product suites, organizations needed help meeting compliance requirements associated with their business. The DLP, encryption, and archiving integrations native to Office 365 enable organizations to limit the exchange of sensitive data, ensure that authorized data is sent securely, and preserve a record of all email sent and received for legal purposes.
Enter: The Secure Email Cloud Architecture
While Office 365 covers each of these elements of security, it is not prepared to stop the next generation of email threats. This is why a new security infrastructure should be included—one purpose-built to layer on top of Microsoft Office 365 and other cloud-based email to prevent identity-based threats and other zero-day attacks.
Today, the increasing sophistication of these attacks is calling into question not only the efficacy of the on-premises SEG, but its return on investment thesis as well. Considering that cloud email platforms already provide the basic email security features of the SEG, more organizations are finding that pairing Office 365 with the new Secure Email Cloud Architecture provides higher efficacy at lower cost.
The Secure Email Cloud Architecture supports a next-generation approach to advanced email security, using real-time intelligence informed by trillions of emails flowing across the globe to continually detect incoming threats, as well as those that activate post-delivery. This differs in several remarkable ways from legacy security controls and adds a higher layer of protection on top of the built-in controls in cloud-based platforms.