Office 365 security is improving, but so are cybercriminals. How secure are you?

Danny Bradbury

It’s nice to see Microsoft’s Office 365 security improving. Now, for an additional fee, its users can enjoy some of the same basic security features offered by best-of-breed solutions. The problem is that cybercriminals are improving too, honing their techniques to create more sophisticated attacks than ever. To lower their risk to acceptable levels, companies should, as a minimum, be looking at specialized email security and web protection solutions on top of anything Office 365 has to offer.

Dastardly delivery techniques

Email is still a primary delivery mechanism for unwanted software, but as people become increasingly attuned to phishing scams, attackers are upping their game to make their emails more convincing. 

‘Spray and pray’ email phishing soon evolved into spear phishing, which targeted specific groups of individuals, typically company employees, by embedding well-researched corporate information into scam emails. Attackers are now scaling up spear phishing attacks by sending victims information that appears too personal to ignore. Attackers in the UK sent targets emails that included their postal addresses, suggesting that they were using stolen database records with more than just email information to target people.

Now, ‘whaling’ takes social engineering a step further. Whale-mails purport to come from high-level executives in a company, with specific instructions to move money into the attackers’ accounts. People are falling for it, with catastrophic results.
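A defender-side illustration of the whaling pattern described above, added here as an example and not code from the original article: a small heuristic that scores inbound mail for executive impersonation using only Python's standard `email` library. It checks whether the From display name matches a watch-listed executive while the actual address, the sender domain or the Reply-To header points outside the company, and adds weight when the body carries payment language. The corporate domain, the executive list, the thresholds and both sample messages are constructed assumptions for the demonstration.

```python
"""Heuristic scorer for executive-impersonation ("whaling") emails.

Added example; the domain, executives, thresholds and sample messages
below are constructed and not taken from any real organisation.
"""
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed configuration: the organisation's own mail domain and the
# executives whose names a whaling email would most plausibly borrow.
CORPORATE_DOMAIN = "example.com"
EXECUTIVES = {
    "jane doe": "jane.doe@example.com",      # hypothetical CEO
    "john smith": "john.smith@example.com",  # hypothetical CFO
}
# Payment vocabulary only adds weight once impersonation indicators are
# already present, so a routine internal invoice email is not penalised.
PAYMENT_TERMS = ("wire", "transfer", "payment", "urgent", "invoice")


def _normalise(name: str) -> str:
    """Lower-case a display name and strip punctuation: 'Jane  Doe' -> 'jane doe'."""
    return " ".join(re.sub(r"[^a-z ]", "", name.lower()).split())


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _plain_text(msg) -> str:
    """Concatenate text/plain parts; walk() also yields a single-part message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def score_message(raw: str):
    """Return (score, reasons) for one raw RFC 5322 message string."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    score, reasons = 0, []

    expected = EXECUTIVES.get(_normalise(display))
    if expected is None:
        return score, reasons  # nobody on the watch list is being impersonated

    if addr.lower() != expected:
        score += 3
        reasons.append(f"display name {display!r} is an executive but From address is {addr}")
    if _domain(addr) != CORPORATE_DOMAIN:
        score += 2
        reasons.append(f"From domain {_domain(addr)!r} is outside {CORPORATE_DOMAIN}")
    # Reply-To is where the attacker actually wants the conversation to go.
    for _, reply in getaddresses(msg.get_all("Reply-To", [])):
        if _domain(reply) != CORPORATE_DOMAIN:
            score += 2
            reasons.append(f"Reply-To {reply} points outside {CORPORATE_DOMAIN}")
    hits = [t for t in PAYMENT_TERMS if t in _plain_text(msg).lower()]
    if score and hits:
        score += 1
        reasons.append("payment language present: " + ", ".join(hits))
    return score, reasons


def verdict(score: int) -> str:
    """Map a score to an action; thresholds are an assumption of this example."""
    if score >= 4:
        return "quarantine"
    if score >= 2:
        return "flag"
    return "deliver"


# Constructed sample messages (not real traffic).
WHALING_SAMPLE = """From: Jane Doe <jane.doe@example-mail.net>
Reply-To: ceo.jane@freemail.example
To: accounts@example.com
Subject: Urgent wire transfer
Content-Type: text/plain

Please process an urgent wire transfer to the vendor below today.
I am in a meeting, do not call.
"""

LEGIT_SAMPLE = """From: Jane Doe <jane.doe@example.com>
To: accounts@example.com
Subject: Q3 invoice approved
Content-Type: text/plain

The Q3 invoice is approved, go ahead and pay it.
"""

if __name__ == "__main__":
    for label, sample in (("whaling", WHALING_SAMPLE), ("legitimate", LEGIT_SAMPLE)):
        s, why = score_message(sample)
        print(f"{label}: {verdict(s)} (score {s})")
        for reason in why:
            print("  -", reason)
```

The scoring is deliberately additive rather than a single rule: a display-name match alone is weak evidence, but combined with an external sender domain and an external Reply-To it is the classic shape of a whaling email, and the payment vocabulary only counts once those structural indicators are present.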

Some malware isn’t arriving via email at all, but instead via malvertising, as attackers inject malicious code into display ads that are then unwittingly sent by legitimate advertising networks to big name websites. The ads then infect victims who do nothing more than visit a legitimate site. 

Powerful payloads

It isn’t just the delivery techniques that are becoming more devious. The nature of the software is also evolving. Cybercriminals are using malicious software with increasingly damaging payloads. Ransomware, which encrypts victims’ data and only releases it after the victim pays, is now deleting more files or increasing the ransom on a timed basis, putting even more pressure on victims to pay up. 

One particularly nasty variant of malware that often accompanies phishing attacks is crimeware. This is data-stealing code designed to attack customers of particular financial institutions using key logging techniques to document what they are typing when they log into specific websites.

Other software uses even more advanced techniques. For example, ModPOS, an almost-undetectable piece of malware designed to attack point-of-sale systems, is a modular program that not only scrapes credit card data from POS terminals, but also includes a key logger and a downloader function that can install new functions. Each of these functions operates as a rootkit, making it extremely difficult to spot. Rootkit software is specifically designed to conceal that a system has been compromised, sometimes by replacing vital executable files. This allows rogue software to effectively “hide in plain sight”, by disguising itself as critical system files that any antivirus package will overlook.

Ducking detection

Rootkit-like functions are part of a growing trend to avoid detection and in some cases increase persistence, as attackers do their best to stay in your network as long as possible. 

Many anti-malware solutions use sandboxes to analyse incoming email and potentially even open or run attachments in a safe environment, enabling them to detect malicious behaviour before passing it on to users. Some malware now uses sandbox evasion techniques, looking for signs that it is running in a sandbox and taking evasive action. Other attackers test their programs against multiple anti-malware scanners before distributing them. In some cases, malware focuses on persistence, too, and will even survive an operating system reinstallation.

What can you do to stop your company falling victim to hackers’ increasingly devious techniques? Defense in depth is a powerful tactic. Don’t rely on one company’s solution to protect you from compromise. Instead, rely on two or even more layers of protection. Like the multiple layers in toughened glass, each extra level of protection increases your chance of dodging a bullet.