How to Prevent Office 365 Phishing Failures

For the millions who consider Office 365 only slightly less vital to life than oxygen, the notion that it can serve as a handy conduit for attackers is deeply alarming. The versatility and familiarity of Office 365 have made it a strategic resource — and a rich target. People think of Office 365 almost as a commodity — like electricity — and therein lies its vulnerability.

Once the concept of email phishing found its way into Office 365, a cybersecurity nightmare was born. With its convenient email ingress, Office 365 figures into the plans of nearly every bad actor on the globe. Last year, $1.7 billion vanished into criminal coffers as a result of Business Email Compromise (BEC) alone, with other scams readily playing a supporting role on the Office 365 stage.

Protecting the institution that is Office 365 presents a massive challenge. Employee inboxes are prime phishing targets, and criminals have duly adapted their methods to the cloud. Even Office 365 admins are targeted with admin-specific lures, such as updated billing requests, coming from legitimate domains.

Office 365 Defenses: Hard-working, Well-Intentioned—but Ineffectual

Commendably, Microsoft strives to meet the challenge, offering their Office 365 Advanced Threat Protection (ATP) add-on or integrating defenses provided by a separate secure email gateway (SEG). But the arduous, time-consuming process of tuning and adjusting to deny phish the inbox—a process which lacks accountability anyway—doesn’t inspire confidence. Not when there is a globe full of hackers simultaneously clawing and maneuvering their way back in.

It’s natural to turn to a SEG like Proofpoint, Symantec Email Security.Cloud or Cisco Email Security, with their industry tenure and good intentions. But SEGs regularly miss phish because they never were architected for Office 365’s cloud-based environment with its massive scalability and performance demands.

The single most powerful reason that SEG defenses miss phish is that they are not preemptive. They collect data from campaigns that have already launched their attacks and closed up shop. Additionally, many SEGs that purport to offer advanced threat protection rely on dynamic sandbox analysis of attachments/files and time-of-click URL analysis to detect new outbreaks. These costly add-on services are largely futile and even delay mail delivery—guaranteed to steam up end-users. Not to mention they don’t work against malware-less phish that rely on social engineering and business process breakdowns.

So Office 365’s native defenses are simply outmatched. The spam filter is heroic at quarantining high-volume, nuisance bulk mail. But phishing attacks—low volume and cleverly socially engineered, like BEC—regularly arrive at the inbox. And the clock begins to tick on that fateful click.

File-less, link-less, impervious to SPF, DKIM, DMARC, and Office 365 email checks, BEC is positioned for jaw-dropping success. For example, threat actors can establish valid Office 365 accounts, or gain access to victim accounts, and easily launch campaigns from Microsoft’s own infrastructure. Office 365’s ATP add-on offers incremental benefit but doesn’t deliver a knockout punch, frequently missing multiple phishing campaigns.

It’s no wonder Gartner recommends investing in specific anti-phishing technology. The vulnerability of Office 365 demands deep understanding and singular focus on phishing—combined with the ability to quickly integrate and reinforce Office 365 protections.

Locking Phish Out Calls for a Specialist

Think of Area 1 as a hired paladin—a champion—fortifying Office 365 with a cloud-native defense. Area 1 deploys and integrates in minutes for seamless protection against phishing attacks.

Area 1 crawls billions of web pages to locate and track threat actor activity, using proprietary, small pattern analytics to reveal new phishing sites, malware payloads and campaigns before they go active—with an average 24-day advantage over other defenses.

A phish can’t be unlanded. Once it arrives, the equation changes radically in the attacker’s favor.

That’s why Area 1’s preemptive model uses:

  • High Scale Cloud MTA architected for email at scale with the highest levels of security and service assurance
  • Comprehensive targeted attack defense against BEC, ransomware, spam, viruses, backscatter attacks, and the rest of the hacker arsenal
  • Quick visibility and deep context for rapid-scale message tracing and detections search, along with the industry’s fastest indexing and retrieval rate
  • Cloud-native operational simplicity with cloud-first, API-first architecture and deep hooks into existing operational tools and playbooks
  • Enterprise-grade email hygiene to enforce inbound TLS, email authentication, and partner communications policies
  • Multi-modal deployments including flexibility with inline or out-of-band modes with API / connector support for easy search and retrievals

Area 1’s 8+ Petabyte attack data warehouse can deal with whatever threat actors throw at Office 365. The service updates and enhances machine learning detection at the pace of threat actor evolution, continuously analyzing suspicious web pages and payloads, dynamically blocking new criminal and nation-state attacks. Unlike SEGs, Area 1 performs complex deconstructions such as imposter analysis and conversational context analysis.

Secure the Integrity of Your Office 365 Inboxes

As Office 365 consolidates its role in our society, and with a remote workforce the potential new normal, phishing will inevitably soar. Cyber criminals must not be allowed to compromise or degrade Office 365, and the best way to assure that is with robust anti-phishing technology.

To learn more, download the Office 365 Security solution brief here, or request a demo here.
