5 Commonly Overlooked Security Threats

 The Internet is a vast place that brings amazing information to our fingertips in a matter of seconds. While this is a wonderful attribute, it also can be dangerous to your personal information or business’s data. That’s because there are hackers out there just itching to access your information and email is still a common way they accomplish this feat. And as we’ve seen through several recent examples—including the 2015 Pentagon and 2014 Sony email hacks—simply having a “strong” email password isn’t enough to keep your data from being compromised.

While some may jokingly (or not-so-jokingly) call for less email usage and more frequent use of the phone to communicate important information, it’s not always possible in our highly digital world. So in addition to being cautious about what is communicated in your emails, it’s important to understand how to protect those emails in the first place. To ensure secure email on your personal and work devices, you first have to recognize threats to your email system—including the less common ones.

Overlooked security threats

Here are five often overlooked threats to your email security:

  1. Social engineering schemes that use your mobile number—Did you know that attackers only need your mobile number to trick you into giving access to your email? Essentially, they’ll send you a text posing as your email provider (e.g., Outlook) and tell you you’re about to receive a code to ensure your email account is secure. This text will then ask you to reply with the code to confirm. Then, they’ll trigger the password reset process, you’ll receive a real message with the unlock code—and if you send it to the attackers unknowingly—they’ll use it to reset your password without your knowledge. Check out this video if you want more specifics on this scheme.
  2. Sharing your access credentials with others—It’s common for some employees to share their credentials—including their password—with a fellow employee or manager when they’ll be out of the office, whether on vacation or during short-term or long-term disability. If organizations don’t have defined security policies for these situations, a lack of accountability could lead to compromised email security.
  3. Loss of a phone with pertinent information—Password management applications are wonderful tools that help you keep track of all the passwords for all of the email accounts you undoubtedly have. But if this application is installed on a phone that is lost or stolen, that can be a problem. Of course, it’s important that your phone is also password-protected, but organizations should take security one step further when it comes to work or personal devices that carry business data or information. Specifically, a business should standardize acceptable use policies regarding the local storage of files, remote wipe capability and network connectivity.
  4. Lack of email encryption—Just because data is passed via a secure email server doesn’t mean it’s 100 percent safe. To add an extra layer of protection, companies should invest in an encrypted email service, which seals email messages and ensures only those with a decryption key can read and access sensitive information.
  5. Crypto-ransomware—Ransomware is nothing new, but it’s a nasty way for hackers to operate. They essentially take the files on your computer or devices hostage until you pay a ransom to have them released. Crypto-ransomware is even nastier, as the hackers encrypt your computer’s files and will only surrender decryption keys upon payment. How is this related to email? These attacks are typically triggered through the opening of some sort of email attachment (e.g., an invoice, energy bill, image, etc.) and they often look legitimate. According to Symantec’s 2015 Internet Security Threat Report, attacks of this nature are highly profitable (bringing in approximately $34,000 per month for one group alone) and growing in popularity.

Whether through phishing schemes or direct malware attacks, email security threats are prevalent—and as we’ve seen, even the mighty can fall prey to them. That’s why it’s more important than ever for organizations to invest in a secure email service that will help them keep their data safe. In addition, employee education is a large part of maintaining a secure email environment. When people know what to expect, they’re better equipped to protect themselves and their companies from liability.

Get more out of your email to help grow your business with solutions from Atidan and Microsoft. Contact us today at office365@atidan.com

 

Blog credit to Microsoft: https://blogs.office.com/2016/01/28/overlooked-email-security-threats/

7 new Exchange Online Protection enhancements

Post was written by Shobhit Sahay, technical product manager for the Office 365 team.

The Office 365 Exchange Online Protection (EOP) team has been hard at work on new features that reflect our continued commitment to provide advanced security, reliability and protection of your email, and a simpler and more efficient user experience for email admins. Today, we’re pleased to announce seven new EOP features, including:

  1. Scheduled EOP reports
  2. Domain-based email traffic support
  3. Simplified block and allow
  4. Quarantined message preview
  5. Bulk release
  6. Improving backscatter detection with Boomerang
  7. Non-delivery report (NDR) backscatter storm prevention

Scheduled EOP reports and domain-based email traffic support

Two new EOP reporting features have been included in this update. First, customers can now schedule EOP reports to be delivered via email on a weekly or monthly basis. For tenant admins, this means you can schedule EOP reports to arrive in your inbox on a day that you specify and choose from four types of EOP reports:

  • Mail traffic summary (aka sent-and-received mail)
  • Spam detections summary
  • Rule matches
  • Data Loss Prevention policy matches

The new scheduled report feature is easy to set up on the Office 365 portal for EOP or Exchange Online customers.

To get started, go to the Office 365 portal and click Reports, then select the type of report you want to schedule. From the report page, click Schedule this report. It’s that easy! You’ll find more information about scheduling EOP reports and the customization features that help you obtain the specific data you need here.

Scheduled EOP reports are delivered to your inbox on the day of the week or month you specify.

The second new reporting feature enables admins to assess email traffic at the domain level through PowerShell. For large customers with many domains, this feature makes it easy to view domain-level aggregation of mail traffic. To obtain mail traffic breakdown by domain, use the ‘Domain’ parameter with Get-MailTrafficReport and Get-MailTrafficPolicyReport in PowerShell. More information about domain-based email traffic support is available here.
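As an added illustration (not code from the original post or from Microsoft), the following sketch turns per-domain report rows into a summary showing what share of each domain's traffic was flagged as spam or malware. The helper name Get-DomainTrafficSummary is hypothetical, the row properties (Domain, EventType, MessageCount) and event type names are assumptions about the report output, and the sample rows and domains are constructed.

```powershell
# Added example. Get-DomainTrafficSummary is a hypothetical helper; the row
# properties (Domain, EventType, MessageCount) are assumed report fields.
function Get-DomainTrafficSummary {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [object[]] $Row,
        # Event types counted as threats (assumed names, adjust to your report)
        [string[]] $ThreatEventType = @('Malware', 'SpamContentFiltered')
    )
    begin   { $all = @() }
    process { $all += $Row }    # collect every row arriving on the pipeline
    end {
        $all | Group-Object Domain | ForEach-Object {
            $total  = ($_.Group | Measure-Object MessageCount -Sum).Sum
            $threat = ($_.Group |
                Where-Object { $ThreatEventType -contains $_.EventType } |
                Measure-Object MessageCount -Sum).Sum
            [pscustomobject]@{
                Domain         = $_.Name
                TotalMessages  = [int]$total
                ThreatMessages = [int]$threat   # $null (no matches) becomes 0
                ThreatPercent  = if ($total) { [math]::Round(100 * $threat / $total, 1) } else { 0 }
            }
        }
    }
}

# Constructed sample rows so the example runs without a tenant connection
$sample = @(
    [pscustomobject]@{ Domain = 'contoso.example';  EventType = 'GoodMail';            MessageCount = 900 }
    [pscustomobject]@{ Domain = 'contoso.example';  EventType = 'SpamContentFiltered'; MessageCount = 80 }
    [pscustomobject]@{ Domain = 'contoso.example';  EventType = 'Malware';             MessageCount = 20 }
    [pscustomobject]@{ Domain = 'fabrikam.example'; EventType = 'GoodMail';            MessageCount = 150 }
    [pscustomobject]@{ Domain = 'fabrikam.example'; EventType = 'Malware';             MessageCount = 50 }
)

$sample | Get-DomainTrafficSummary |
    Sort-Object ThreatPercent -Descending |
    Format-Table -AutoSize

# Against a live tenant (requires a connected Exchange Online PowerShell session):
# Get-MailTrafficReport -Domain 'contoso.example' -StartDate (Get-Date).AddDays(-7) `
#     -EndDate (Get-Date) | Get-DomainTrafficSummary
```

Sorting by ThreatPercent puts the domains receiving the highest proportion of flagged mail at the top, which is a reasonable starting point for reviewing filtering policy per domain.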

Simplified block and allow

We simplified the process for EOP or Exchange Online admins to block or allow emails from an individual sender or an entire domain. The new simplified block-and-allow lists replace the need to write a complex transport rule to bypass spam filtering or modify the Spam Confidence Level for a sender or domain.

Located in the Spam Filter section of the Office 365 Exchange Admin Center, you’ll access this feature by clicking the Protection link, making it easy and intuitive to find. There, you can create, edit and maintain block-and-allow lists for senders and domains.

Simplified block and allow is currently in preview with first-release customers and will be deployed worldwide by the end of the month.

Quarantined message preview and bulk release

As part of our efforts to revamp our quarantine feature area to further protect against email containing malware or viruses, we released our new quarantined message preview earlier this month. You gave us the feedback that you need more information to determine if a quarantined message is malicious or legitimate. The new quarantined message preview allows you to see the body of a message without triggering any malicious content. This new visibility provides an improvement over previously just seeing a quarantined message’s sender, recipient, subject and date.

Two months ago, we released our bulk release feature, which has received widespread positive feedback from customers. Now, admins can quickly and easily select up to 500 quarantined messages to release or not release, which can be especially helpful in addressing large email campaigns. The bulk release feature can be accessed either through the Office 365 quarantine area or via PowerShell.

Backscatter spam improvements

Backscatter spam—when you receive a non-delivery receipt for an email that a spammer sent using your forged email address—is a growing source of irritation for end users and a challenge for email admins. We have stepped up our defenses against backscatter spam with two new protections:

  • Improving backscatter detection with Boomerang—In addition to basic backscatter protections in Office 365, we recently rolled out Boomerang, our Microsoft-branded mechanism to better detect backscatter spam. Now deployed for both hosted and on-premises mailboxes, Boomerang provides greater security and smarts to fight backscatter spam.
  • NDR backscatter storm prevention—This feature, deployed in May, addresses backscatter on a mass scale by automatically deleting the majority of a spammer’s large-scale email campaign, leaving just a handful of forged messages so that the responsible admin has visibility on the attack. NDR backscatter storm prevention is especially helpful in preventing spammers from spoofing well-known, executive email aliases, which are often targeted to add an appearance of legitimacy to spam or to direct mass hate emails.

Contact the Atidan team at office365@atidan.com for additional information about security and special offers on Office 365 deployment and support!

Microsoft Exchange Advanced Threat Protection Launch

We are pleased to announce that an Advanced Threat Protection (ATP) service is now available to all Exchange/Office 365 subscribers (coming August 1 for volume (Open/EA) license customers). You already have Microsoft’s Exchange Online Protection (EOP) at no charge to protect against spam and malware. Exchange Advanced Threat Protection, or ATP, is a new offering launched this week and is priced at $2 per user per month. You can activate any number of licenses to suit your needs – try it for your top executive team, for users who work with sensitive content or for your entire enterprise.

Key benefits and my comments include:

  1. Better protection against zero-day viruses and unknown malware
     a. Even after EOP filtering, something that has never been seen before can get through the filters
     b. Machine learning with behavior analysis watches content and makes real-time validations, called Safe Attachments
        i. FYI: this could delay receipt of suspicious messages
  2. Real-time protection against malicious URLs
     a. Protects against phishing attacks and redirection
     b. The check is performed at the time of reading
        i. Note: this could cause a delay while the URL is scanned as the link is clicked
  3. Reporting and URL tracing
     a. Analyze patterns of attacks, categories of attacks and conduct investigations

It is hard to put a value on this service, but the cost is insignificant compared to the cost of an attack such as the Cryptolocker virus. One single incident could dwarf the costs of this subscription, and I’ve posted a great white paper study from Ponemon detailing the average data breach cost.

Active Atidan clients can get our assistance to turn on this service at NO CHARGE. Additional consulting is always available to help you with new security features in Office 365 such as Rights Management, Encryption, eDiscovery, Legal Hold, Archiving and more.

Exchange Online Advanced Threat Protection

Protect your email in real time against unknown and sophisticated attacks.

Secure your mailboxes against advanced threats

New malware campaigns are being launched every day, and Office 365 has a solution to help protect your email against them. With Exchange Online Advanced Threat Protection, you can protect your mailboxes against new, sophisticated attacks in real time. By protecting against unsafe attachments and expanding protection against malicious links, it complements the security features of Exchange Online Protection to provide better zero-day protection.

Protect against unsafe attachments

With Safe Attachments, you can prevent malicious attachments from impacting your messaging environment, even if their signatures are not known. All suspicious content goes through a real-time behavioral malware analysis that uses machine learning techniques to evaluate the content for suspicious activity. Unsafe attachments are sandboxed in a detonation chamber before being sent to recipients. The advantage is a cleaner, malware-free inbox with better zero-day attack protection.

Protect your environment when users click malicious links

Exchange Online Protection provides protection against malicious links by scanning content. Safe Links expands on this by protecting your environment when users click a link. While the content is being scanned, the URLs are rewritten to go through Office 365. The URLs are examined in real time, at the time a user clicks them. If a link is unsafe, the user is warned not to visit the site or informed that the site has been blocked. Reporting is available, so administrators can track which users clicked a link and when they clicked it.

Get rich reporting and track links in messages

Gain critical insights into who is being targeted in your organization and the category of attacks you are facing. Reporting and message trace allow you to investigate messages that have been blocked due to unknown viruses or malware, while URL trace capability allows you to track individual malicious links in the messages that have been clicked.