
Post Gmail Phishing Scam - Time to Reinforce Office 365 Spam Filter

Posted by Geraldine Hunt on Fri, May 12th, 2017

Last week’s large-scale phishing campaign targeting Google’s one billion or so Gmail users demonstrated not only how sophisticated today’s attacks can be, but how fast they can proliferate across the globe.  Fortunately, no real data other than contact information was compromised.  There were several characteristics of this attack that made it so effective:

  • It was driven by a worm that, once rooted within the compromised device, immediately accessed and used the affected user’s contact list to propagate
  • The malicious link looked highly credible and trustworthy
  • The email was sent from a trusted contact

Gmail phishing scam – a million users affected

In the end, around one million users were affected. The speed and coverage of this attack are disturbing. Even more troubling, however, is that in 2017, after years of dealing with and discussing phishing attacks, we seem just as vulnerable to them as ever. Though this Google attack stole the headlines, the same story is borne out by industry statistics that should be upsetting for any cybersecurity manager.

  • According to a report issued by Symantec just last month, one in 131 emails sent last year contained viruses or dangerous links, which is the highest rate in five years.
  • According to Verizon’s 2017 Data Breach Investigations Report, 1 in 14 users were tricked into clicking a link or opening an attachment. Of those, 25% were duped more than once.
  • The same report showed that 43% of all data breaches were a result of malware installed via a phishing attack. A similar study shows the number at 93%.
  • It’s estimated that phishing scams stole more than three billion dollars (£2.3 million) from businesses globally over the past three years.

Protect your business with the newest “zero-day” threat protection and intelligence against phishing, business email compromise and zero-day attacks with PhishTitan.


Phishing is ubiquitous and expensive.

Why does phishing remain such an epidemic today? Perhaps in the same way that a politician heralds the passing of new legislation that he or she drafted as something that will solve all of our problems and allow us to move on to the next challenge, many organizations select an email security solution and then never bother with it again. Email security is in many ways looked at as a commodity today, in the belief that all solutions are the same. The fact is that if email is the primary launching and delivery system for malware and ransomware, we should never consider the problem solved in one easy step. Below are some suggestions for reevaluating how you approach email security:

1. Consider an annual evaluation of your current anti-phishing solution. Ask to speak with one of the vendor's engineers to understand their technology and approach to combatting email threats. Keep a log of reported phishing emails in order to measure the effectiveness of your current solution. Talk with your peers from other organizations about the effectiveness of their chosen tools.

2. If your organization utilizes a cloud-based email solution such as Office 365, consider supplementing its built-in email protection with a third-party solution of your choosing. The recent Google attack proves that these large email cloud conglomerates are indeed vulnerable to attacks. Every email cloud vendor boasts spam filtering, but how effective is it against innovative phishing attacks? With the skyrocketing costs that result from a data breach, supplementing with a third-party email security system should be regarded as insurance that makes you proactive and in charge.

3. Reevaluation is not limited to email security vendors. It in fact starts within your own organization. Your end users are your weakest endpoint as well as your first line of defense. Giving them the knowledge necessary to identify and discern emails that may be malicious in nature is an absolute necessity today. Training, however, means more than a short email or presentation once a year. Training is a continual process because cybercriminals are constantly modifying their methods of luring users into the action required to launch malware. According to a recent article in InformationWeek, the reasons that users click such links are curiosity (13.7%), fear (13.4%), and urgency (13.2%), followed by reward/recognition, social, entertainment, and opportunity. The fact is that tactics are always changing, which means you must keep your users abreast of the latest trends and methodologies.

4. Phish your own users, seriously! Cybercriminals are doing it relentlessly all the time. What better way to see just how scrupulous your users are with their email? Studies have shown that malware infection incidents drop significantly after an internal phishing expedition. Though these can prove highly effective, it is critical that such an endeavor is implemented correctly and not used as a game of gotcha to punish those who fall for it. Users should be informed about the program and why it is being employed.

Contact TitanHQ today to see how we can meet your unique business needs, and further secure your Office 365 environment. 

** UPDATE 25/09/2018:
Read our brand new, just released 2018 report on overcoming the Email Security Weaknesses in O365.

Recent research by Osterman identifies that Microsoft’s EOP can detect 100% of all known viruses with updates every 15 minutes. However, the research found it to be less effective against unknown or new malware delivered by email. System Administrators implementing Office 365 need to make sure it’s secure by layering in a dedicated secure messaging and spam filtering solution like SpamTitan to protect against advanced persistent threats. To protect against advanced threats you need advanced protection.