Covid-19 Exposes a Newly Remote Workforce to More Evasive Phishing Attacks

With the world threatened and preoccupied by Covid-19, cybercriminals are taking advantage of the chaos. In the past month, we’ve seen:

• A surge in malware using Excel4 Macros (XLM) in hidden worksheets, under the guise of “Important information about CoVid-19”

• AgentTesla sending an email posing to have an order of surgical masks

• And simple, age-old attacks with malicious Powerpoint slides attached

Before Covid-19, 78% of Microsoft 365 administrators reported security breaches, citing phishing as the leading cause. Now scammers are rushing to target scattered workforces that are distracted, stressed, and accessing cloud systems from their home networks.

Covid-19 is the perfect storm for cloud inbox security

In response to the pandemic, many enterprises abruptly adopted new tools and protocols. Cloud inboxes have long been more vulnerable than on-premises email platforms–enterprises using Microsoft 365 consistently report a higher average incidence of successful phishing attacks than they experienced with on-prem. Companies that switched quickly won’t have additional safety measures in place.

And those safety measures will be delayed. IT admins and SOC teams were already stretched to the limit. Their cybersecurity skills are in short supply, and sick/depleted staff will struggle to respond to the growing alerts they are bombarded with.

And, cruelly, phishing and fraud attacks are designed to create a sense of urgency. They induce people to click or follow instructions–reflexive behavior for an on-edge workforce. According to the 2019 Global Data Exposure Report, “78% of CSOs and 65% of CEOs admit to clicking on a link they should not have, showing that no level of employee is immune to lapses in judgment.”

It’s time to layer Inbox Detection and Response on top of SEGs

Enterprises using cloud-hosted email urgently need an inner layer of email security called Inbox Detection and Response (IDR).  While trusty features like Microsoft Safe Links filter spam and known threats, it can’t detect all sophisticated/evasive attacks like spear phishing attacks and cousin domain spoofing.

IDR solutions instead hook into users’ inboxes, continuously scan all inbound and outbound emails in all folders​, and automatically follow links. They check URLs for favicons, mismatched logos, legitimate site maps, domain owners, security certificates, even regionalized code – all indicators that help flag, “Is this a valid email or is it phishing?”

Best of all, when threats are uncovered, IDR solutions can automatically delete every copy across every mailbox. This automatic remediation removes the burden on the email administrator or security analyst and massively reduces the feared “window of vulnerability” caused by malicious emails lingering for lengthy periods within the reach of users.