Telecommunications giant Cisco has highlighted how bad actors are targeting Microsoft's Office 365 service with phishing campaigns. While all cloud email services, such as Gmail, are also attacked, Office 365 leads the way in phishing attempts by a considerable margin.
The information was presented by threat intelligence analyst Ben Nahorney on the Cisco Security blog.
Citing information for security firm Agari Data, Nahorney says the number of phishing emails sent to users pretending to be from Microsoft has increased. In fact, bad actors impersonating the Redmond giant now accounts for over half all phishing attacks during the last quarter.
Another security firm, Avanan, doubled down on this data in its annual phishing report. The company found one in every 99 emails sent is a phishing attack.
“Of the phishing attacks we analyzed, 25 per cent bypassed Office 365 security, a number that is likely to increase as attackers design new obfuscation methods that take advantage of zero-day vulnerabilities on the platform,” Avanan wrote.
Kaspersky Lab has also recently confirmed Office 365 is the main target of phishing campaigns. The security firm says 70 percent of all attacks are targeted at Office.
Phishing attacks are where an attacker pretends to be a legitimate email source, such as a company or authority. Emails send by bad actors are loaded with malicious content in the form of an attachment. Unwitting users, believing the email is safe, click the attachment. Either malware is installed onto a machine through this vector, or a PC becomes unresponsive in a ransomware attack.
While phishing is common and not new, attackers are evolving. They are now creating legitimate accounts to send their malicious emails and are even mimicking real contacts.
“For the recipient, it's often even someone that they know, eliciting trust in a way that would not necessarily be afforded to an unknown source. To make things more complicated, attackers often leverage ‘conversation hijacking,' where they deliver their payload by replying to an email that's already located in the compromised inbox,” Nahorney says.
“The phishing campaigns usually take the form of an email from Microsoft. The email contains a request to log in, claiming the user needs to reset their password, hasn't logged in recently or that there's a problem with the account that needs their attention. A URL is included, enticing the reader to click to remedy the issue,” Nahorney adds.
Nahorney offers the following steps for preventing phishing attacks:
- “Use multi-factor authentication: If a login attempt requires a secondary authorization before someone is allowed access to an inbox, this will stop many attackers, even with phished credentials
- Deploy advanced anti-phishing technologies: Some machine-learning technologies can use local identity and relationship modelling alongside behavioral analytics to spot deception-based threats
Run regular phishing exercises: Regular, mandated phishing exercises across the entire organization will help to train employees to recognize phishing emails, so that they don't click on malicious URLs, or enter their credentials into malicious website.”