Story image

Layered security strategy vital to combat Microsoft 365 phishing threat

By Shannon Williams, Thu 2 Sep 21

A layered security strategy is vital in order to combat threats such as the latest Microsoft phishing campaign, according to cyber security specialist Cyren. 

Microsoft has warned Office 365 customers that they're being targeted by a widespread phishing campaign aimed at nabbing usernames and passwords. 

"Today’s email threats rely on three things to be effective: a convincing social engineering lure, a well-crafted detection evasion technique, and a durable infrastructure to carry out an attack," the Microsoft 365 Defender Threat Intelligence Team warns. 

"This phishing campaign exemplifies the perfect storm of these elements in its attempt to steal credentials and ultimately infiltrate a network. And given that 91% of all cyberattacks originate with email, organisations must therefore have a security solution that will provide them multilayered defense against these types of attacks."

The ongoing phishing campaign is using multiple links; clicking on them results in a series of redirections that lead victims to a Google reCAPTCHA page that leads to a bogus login page where Office 365 credentials are stolen.  

Microsoft warns this feature is being used by the phishing attackers. 

"However, attackers could abuse open redirects to link to a URL in a trusted domain and embed the eventual final malicious URL as a parameter. Such abuse may prevent users and security solutions from quickly recognising possible malicious intent," Microsoft says.

Pete Starr, Global Director of Sales Engineering at Cyren on Microsoft's warning about an Office 365 phishing campaign that is targeting usernames and passwords.

"Microsoft Office 365 credentials continue to be one of the key targets of phishing attack perpetrators globally. In fact, there are an abundance of phishing kits available online that specifically target Microsoft O365, and they have the ability to use many evasion techniques to bypass email gateway defences and Microsoft Defender for Office 365," he says. 

"They often combine several evasion techniques and use trusted cloud services, just like this campaign which is particularly devious." 

To combat these threats, Starr says it is important to implement a layered strategy. 

"The layered strategy needs to include real-time detection of zero-day and unique phishing threats. This warning from Microsoft is interesting, but phishing attacks have a very short lifetime generally not more than 48 hours," he says.

"If you're reading about an attack in the news, it's too late to prevent it," Starr says.

"We have also observed that organisations have emphasised automating their phishing incident response playbooks. Their objective is to reduce the time between detecting a new evasive threat and eliminating it from all user inboxes. 

"At present, email security is overly focused on prevention which demonstrates diminishing returns for each new layer of detection," he says. 

"By adding a real-time detection and automated remediation capability to identify and eliminate phishing threats rapidly, we can minimise the impact of when a phishing email makes it through our defences."

Recent stories
More stories