Microsoft Finally Acknowledges COVID-19-Related Cybercrimes

by Cyren Security Blog

On July 7, Microsoft revealed they’ve been working since December 2019 to wrest control of key domains used in vast cyber attacks in 62 countries.  

This particular phishing scheme used COVID-19-related lures to defraud Microsoft 365 customers.  It’s one of many attacks we’ve seen.  With tensions high and IT resources stretched to the limit, the pandemic is the perfect storm for cloud inbox security.


But this isn’t a 2020 phenomenon

The really sobering stat?  Before COVID-19, 78% of Microsoft 365 administrators were already reporting security breaches, citing phishing as the leading cause.  And according to the FBI’s 2019 Internet Crime Report, those phishing attacks cost US businesses and local governments $1.7 billion last year.

No matter the state of the pandemic, vaccinations, or a return to (somewhat) normal life, Microsoft will remain uniquely vulnerable to phishing:

  • Its native security has a 16% false negative rate for spam and phishing emails, according to Mimecast.

  • If a scammer uses a spoofed/lookalike/soundalike domain that doesn’t exactly match your domain name, Microsoft 365 won’t flag the activity.  It also won’t flag spoofed domains for your business partners or even well-known brands.  “Saleforce.com” will still go through.

  • Microsoft 365 uses static blacklists when scanning URLs for threats.  Meanwhile phishing sites can have short life spans, even just a few hours.  Analyzing each site in real time is a far stronger form of prevention.

  • And Microsoft 365 uses virtual sandboxing to scan attachments in an email. But sophisticated threats require deeper inspection of embedded documents and code.

Inbox Detection and Response is our best defense

Enterprises using cloud-hosted email urgently need an inner layer of email security called Inbox Detection and Response (IDR). While the trusty Secure Email Gateway filters spam and known threats, it can’t detect sophisticated or evasive attacks like spear phishing and cousin domain spoofing.  

IDR solutions instead hook into users’ inboxes, continuously scan all inbound and outbound emails in all folders, and automatically follow links.  They check URLs for favicons, mismatched logos, legitimate site maps, domain owners, security certificates, even regionalized code - all indicators that help flag, "Is this a valid email or is it phishing?"

Best of all, when threats are uncovered, IDR solutions can automatically delete every copy across every mailbox. This automatic remediation removes the burden on the email administrator or security analyst and massively reduces the feared "window of vulnerability" caused by malicious emails lingering for lengthy periods within the reach of users.

Learn more about Cyren Inbox Security

Cyren Inbox Security was built to safeguard each and every Microsoft 365 mailbox in your organization.  It is a continuous and automated layer of security right in the user mailbox:

  • Persistently rescans inbound, outbound and delivered emails in all folders

  • Reduces investigative overhead with automated incident and case management workflows

  • A seamless mailbox plugin lets users scan and report suspicious emails 

Our threat visibility is unsurpassed. Cyren’s global security cloud processes 25 billion email and web security transactions every day, identifying 9 new threats and blocking over 3,000 known threats each second.
