Attackers Exploit Gap in Office 365 Best Practice Guidelines

• Tweet

July 28, 2020 Update: Due to the complexities documented in this blog post, Microsoft is rolling out changes to e-mail forwarding configuration in Office 365. SecureSky is testing the changes that are documented at the following Microsoft URL, and will update this blog post after completion of testing to address these changes: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/external-email-forwarding?view=o365-worldwide.

With a six times increase in COVID-19 themed incidents, security professionals need to take advantage of every possible configuration and security control to protect against this growing amount of attacks.  Today we will discuss how attackers are leveraging a gap in Office 365 best practices that allows undetected eavesdropping on victim’s emails.

When attackers gain control of an account in Office 365, one of the first steps they often take is to configure email forwarding in the compromised environment. Attackers configure email forwarding in order to see new emails that arrive in the victim’s inbox – which can be responses to attacker phishing attempts sent to the victim contacts. In order to disguise their presence, the attacker does not want the victim to see those emails. 

Read More

Microsoft Security Defaults – A Step in the Right Direction, but Customers Should Do More

• Tweet

We understand that managing security for Office 365 can be difficult and complex. As we continue to see common identity-related attacks against authentication like password spray, replay, phishing and malware-based increasing into today’s uncertain world it's imperative that we understand Microsoft’s “Security Defaults”.   

Read More

SecureSky Cyber Threat Center Sees Greater Than 6 Times Increase In Attacks

• Tweet

But There’s Still a Lot of Good Things Happening In These Trying Times! One of the most staggering statistics reported recently from the SecureSky Cyber Threat Center is seeing a 6x-7x increase in fraudulent scams and BEC cases in the last 30 days, with COVID-19 themes – phishing, fake investment, charities, prevention or treatment offers and testing scams. We have seen similar trending of overall phishing volumes from multiple clients and email gateway providers, which correlates to the sharp uptick in case volume, as well as click rates.

Read More

Will Coronavirus Affect Security Operations?

• Tweet

You cannot open a news site or turn on the television today without rightfully hearing about the coronavirus. While governments and medical systems scramble to respond and contain the virus, it is not clear if the virus will reach epidemic or pandemic levels, how quickly treatment options will become available or how the virus will affect the health and related productivity of large portions of the global population.

Read More

Dudear or Not Dudear – Analyzing A Recent Phishing Attempt

• Tweet

Following the Tweet from the Microsoft Security Intelligence account January 30, 2020 (https://twitter.com/MsftSecIntel/status/1222995250911703041?s=20), we at SecureSky were a little curious whether we had come across any evidence that phishing attempts against our own organization or our clients were part of this recently revived campaign. Not that we really need a reason to do this kind of research but given this announcement, we decided to put some time into this.

Read More