Microsoft 365 is the default email security for most organizations, and cybercriminals know this, so they’re upping their schemes to get around Defender’s scanners. A report released earlier this year by Vade revealed that Microsoft is the number one target for brand impersonation. It seems criminals are not just trying to spoof the brand, but also use it as a benchmark to test the effectiveness of their malicious schemes. “Before unleashing an attack, hackers will test and verify that they are able to bypass Microsoft’s default security. In other words, they are crafting attacks specifically to take advantage of getting around Microsoft and landing in the user’s inbox,” Check Point said. For this report, the researchers analyzed millions of emails from various US-based organizations in different industries. They found that the number of phishing emails Microsoft Defender failed to block has increased by about 74 percent since 2020. This does not mean Microsoft’s security has gotten “worse,” Check Point researchers noted, but hackers have figured out how to bypass its security. “The sheer volume of sophistication is unmatched. Thus, the higher number of bypassed emails reflects a concrete, focused effort by hackers the world over to develop tools that will get in front of Microsoft users,” the report said.
Sophisticated Phishing Campaigns
Before the COVID-19 pandemic, Check Point researchers found that only 10.8 percent of malicious emails reached users. However, in 2022, that rate has increased to 18.8 percent. There are many reasons for the higher number of phishing emails filtering through Microsoft’s defenses in 2022 compared to 2020, the report said. Phishing attacks have doubled since then as more people are working remotely. Also, threat actors appear to be focusing on “sophisticated phishing campaigns.” Unlike in 2020, Microsoft Defender missed more phishing emails in larger organizations. While Check Point’s pre-COVID-19 research showed no difference between a company’s size and the rate of missed phishing emails, its latest analysis indicates otherwise. Two large organizations the researchers looked at had a missed phishing email rate of around 50 to 70 percent. With more phishing emails escaping Microsoft Defender, users are also ending up with a bigger junk folder, as most people redirect all suspicious emails to this folder out of fear of possibly blocking legitimate messages. Check Point found that Microsoft sends about seven percent of all phishing messages to the junk folder. As is often the case, users may scroll through this folder to find missing legitimate emails and mistakenly interact with a phishing message as there is “no distinction between treasure and trash,” the report said.
Targeted Financial Attacks
Not only are threat actors orchestrating more sophisticated campaigns, but they’re specifically crafting their financially-motivated attacks to escape Microsoft’s surveillance. Microsoft Defender failed to stop 42 percent of financial attacks in the study. These attacks include “fake invoice scams, fraudulent Bitcoin transfers, phony business proposals, fake wire requests and more.” Defender also missed brand impersonation emails, credential harvesting emails, social engineering emails, business email compromise attacks (BEC), and fake tax-related emails. Check Point provided a few examples of these insidious financial phishing emails. One email had a link that was supposed to take users to a page to get more details about a proposal. However, it opened up a fake Microsoft login portal. In another email, a threat actor impersonated Best Buy to get potential victims to click on a malicious link, claiming they could win a prize in a loyalty program. A close analysis of the email shows that it has a suspicious “reply to” address. In a third example, Avanan shared a credential-harvesting phishing email where hackers masqueraded as PayPal, encouraging users to call a phone number. Usually, when targets call the number, the threat actor will try to pry for personal information like their login credentials or banking details.
Key Takeaways
Check Point found that, over the past year, IT staff in large organizations have spent thousands of hours sifting through suspicious email reports, resulting in lost time, burnout, and overlooked priorities. Unfortunately, they can only resolve a few percent of such reported phishing attempts. In addition to the default security on email platforms, Check Point recommends that enterprises use an inline cloud email security solution. Cyberattacks like phishing constitute a significant threat to organizations across the world. To learn more about this threat, check out our guide to phishing. Our article on the best cybersecurity tools contains excellent suggestions to help your organization ward off phishing scams and other cyber threats.
