Office 365 users have been cautioned regarding a continuous phishing campaign that collects user credentials. The attackers utilize sophisticated strategies to circumvent email security defenses and social engineering techniques to trick company personnel into going to sites where credentials are collected.
A number of baits are utilized in the phishing emails to entice remote workers, like fake password update notice, details on teleconferencing, SharePoint notifications, and helpdesk tickets. The lures look convincing and the webpages which Office 365 users go look genuine with cloned logos and brand colors.
The threat actors have employed different tactics to get around secure email gateways to make sure the messages land in inboxes. For instance, redirector URLs that can identify sandbox environments and will bring real users to the phishing web pages and security solutions to benign sites, to avert analysis. The emails additionally include heavy obfuscation in the HTML code.
Microsoft cites that the redirector websites have a distinctive subdomain that has a username and the targeted company’s domain name to add more realism to the campaign. The phishing URLs come with an extra dot after the top-level domain, then there is the Base64 encoded email address of the recipient. The phishing URLs are usually added to compromised web pages, instead of using it on domains owned by the attacker. Considering that a lot of varying subdomains are employed, it is likely to send big volumes of phishing emails and avert security tools.
Office 365 credentials are extremely popular by hackers. Email accounts may be accessed and used for more phishing attacks, business email compromise scams, and the accounts frequently comprise a lot of sensitive information, which includes protected health information (PHI). When an attacker gets access to the Office 365 environment, they could access sensitive stored files, and perform more attacks on the company.
Microsoft stated that Microsoft 365 Defender for Office 365 can detect phishing emails and handle attacks. But a recent IRONSCALES study showed that many email security gateways are unable to block these advanced phishing threats.
The security firm based in Israel just published info from a test of the top secure email gateways and discovered that they failed to prohibit around half of the advanced phishing attempts, which include spear-phishing attacks and social engineering attacks. The organization utilized its Emulator to examine the effectiveness of five of the leading secure email gateways, like Microsoft’s Advanced Threat Protection (APT), and simulated real-world phishing conditions to observe how each performed.
For the tests, IRONSCALES performed 162 emulations (16,200 emails) against the top 5 secure email gateways and learned that 47% of the email messages or 7,614 emails landed in the inboxes. The penetration rate or the percentage of email messages that eluded the secure email gateways was 35% to 55% in all 5 tested security solutions.
The major secure email gateways were helpful at preventing emails with malicious attachments, as just 4% of messages were delivered to inboxes, and only 3% of emails that contain links to malicious files were received. Nevertheless, they were a lot less efficient at stopping social engineering and email impersonation attacks since 30% of email messages were delivered successfully. 25% of emails with domain name impersonations were sent. Those emails linked to a domain name that got the ideal records set in the DNS. Emails that contain links to URLs that have bogus login pages were sent 16% of the time.
The tests pointed out the importance of AI-driven security solutions that contain natural language understanding and the value of giving employees training on security awareness, as many of these advanced phishing threats will reach the inboxes of end-user.