NEW YORK, Dec. 14, 2016 (GLOBE NEWSWIRE) -- Avanan cloud security experts have discovered a new twist on a well-known cyberattack exploiting users’ increased online shopping activity around the holiday season. Unlike the recent spate of highly publicized attacks targeting users’ credit card numbers with fake messages about a problem with online orders, this new attack goes after something potentially even more valuable: users’ Office 365 passwords.
Once obtained, hackers have full access to the victim’s Office 365 account, providing an unlimited ability to embed malware, launch additional phishing attacks on the victim’s contacts, steal sensitive company information, reroute invoice remittance details, download customer information such as social security numbers and much, much more.
The phishing attack starts with an email that appears to come from FedEx, informing the user that an important package is waiting. The email contains a link whose visible text is http://www.fedex.com/us/track. The URL actually embedded in that link begins with http://fedex-international.com but continues with ".xn--sicherheit-schlsseldienst-twc.de/track". The "xn--" prefix marks an internationalized domain label encoded with Punycode, the ASCII-compatible encoding DNS uses for non-ASCII names; this label decodes to "sicherheit-schlüsseldienst.de", which is the domain the browser actually connects to, with "fedex-international.com" serving only as a subdomain prefix under it. According to Avanan, the Punycode-encoded label was enough to get the URL past Office 365's built-in link filtering, which treated it as a legitimate address.
The page displayed after clicking the link is a fake Office 365 login form asking the user for their Office 365 password. A user still trying to track the package is likely to enter it, assuming they were inadvertently logged out of Office 365 and must sign back in. In reality they are handing the credentials for their workplace environment to the attackers.
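The following is an added example, not code from Avanan or from the release, showing the checks a mail filter can run on every link in an HTML body to catch the pattern described above: link text that shows one host while the href points to another, a Punycode ("xn--") label in the real host that is decoded so an analyst sees the actual name, and a registrable domain that is not the brand shown in the link text. The HTML fragment is constructed for this example; its href reproduces the host named in the release with the standard "xn--" prefix. The registrable-domain helper simply takes the last two labels, which is a simplification (a production filter should use the Public Suffix List).

```python
"""Flag display-text/href mismatches and Punycode hosts in email links.

Added example (not Avanan's code). SAMPLE_HTML is constructed for the demo;
registrable_domain() is a deliberate simplification of Public Suffix List logic.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample of how the FedEx-themed link could appear in the HTML body.
SAMPLE_HTML = (
    '<p>An important package is waiting for you. Track it here: '
    '<a href="http://fedex-international.com.xn--sicherheit-schlsseldienst-twc.de/track">'
    'http://www.fedex.com/us/track</a></p>'
)


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    parser = _AnchorCollector()
    parser.feed(html)
    return parser.links


def host_of(url):
    """Lower-cased hostname of a URL, or '' if the string is not a URL."""
    if "://" not in url:
        return ""
    return (urlsplit(url).hostname or "").lower()


def decode_idna_host(host):
    """Turn xn-- labels back into Unicode so the real name is visible."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # malformed label: keep the ASCII form for the report


def registrable_domain(host):
    """Last two labels only. Simplification: use the Public Suffix List in production."""
    return ".".join(host.split(".")[-2:])


def analyse_link(href, text):
    """Return a report dict; 'findings' is empty for a link with nothing suspicious."""
    href_host = host_of(href)
    text_host = host_of(text)
    findings = []
    # 1. Visible text is a URL whose host differs from where the href really goes.
    if text_host and text_host != href_host:
        findings.append("link text shows %s but href goes to %s" % (text_host, href_host))
    # 2. Any Punycode label in the real host: decode it for the analyst.
    if any(label.startswith("xn--") for label in href_host.split(".")):
        findings.append("punycode host decodes to %s" % decode_idna_host(href_host))
    # 3. The registrable domain is not the brand the link text claims.
    reg = registrable_domain(href_host)
    if text_host and registrable_domain(text_host) != reg:
        findings.append("registrable domain is %s (%s), not %s"
                        % (reg, decode_idna_host(reg), registrable_domain(text_host)))
    return {"href": href, "text": text, "href_host": href_host,
            "registrable_domain": reg, "findings": findings}


def scan_html(html):
    return [analyse_link(href, text) for href, text in extract_links(html)]


if __name__ == "__main__":
    for report in scan_html(SAMPLE_HTML):
        print(report["text"], "->", report["href"])
        for finding in report["findings"]:
            print("  !", finding)
```

Running the block prints all three findings for the sample link; the decoded registrable domain shows that "fedex-international.com" is nothing more than a subdomain of a German .de name.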
“The email scanners and threat protection provided by Microsoft are not stopping the latest phishing emails from getting into our organization,” said Matt Litchfield, vice president of Information Technology at JD Norman Industries. “We are experiencing phishing emails that target my users’ Office 365 credentials. These types of attacks represent a very serious security concern for my organization. I no longer believe that Office 365 email scanning offers sufficient protection from phishing attacks by itself; we must layer additional security on top of what Microsoft already provides to ensure a comprehensive email security solution.”
“This is a very significant attack,” said cloud security expert Gil Friedrich, Avanan’s CEO. “With this attack, it’s clear that hackers now realize they can exploit victims’ workplace shopping habits to infiltrate corporate networks, which can be potentially much more valuable than petty credit card theft.”
This campaign is the latest attack on business users of Microsoft Office 365 and Google's business Gmail, which have become platforms of choice for attackers because they can test the deliverability of their messages against the same built-in filters using their own low-cost accounts. Companies that have migrated to these SaaS-based mail services without adding further security layers have effectively exposed their users to the growing world of cloud security attacks.
View Avanan’s blog on the attack here: http://www.avanan.com/resources/puny-phishing-office-365.
How to protect against this and future attacks
Office 365 and Gmail have inherently limited abilities to block these attacks, since hackers can simply keep testing the deliverability of their messages until they successfully bypass built-in security layers. No one vendor can provide total protection, which is why Avanan recommends a multi-vendor, defense-in-depth approach. Avanan’s cloud security platform enables businesses to apply any combination of more than 60 best-of-breed security tools to Office 365, Gmail and any other SaaS application, all in Avanan’s elegant single pane of glass, and all with just one click. The added layers of security via Avanan’s platform make it impossible for hackers to “test-bench” the deliverability of their attacks, making unprotected users even more attractive and vulnerable.
Free scan offer
Avanan is offering a free tool that scans Office 365 mailboxes to show how many users in an organization received this attack. To take advantage of this limited-time offer, visit http://www.avanan.com/puny-phishing-office-365.
About Avanan, the Cloud Security Platform (http://www.avanan.com)
Avanan secures any SaaS application, such as Office 365 and Google Mail, or any cloud application with one click, using best-of-breed security technology from industry-leading vendors. Avanan has been named a 2016 Gartner Cool Vendor, a Red Herring Top 100 North American Tech Startup and one of CRN’s 20 Coolest Cloud Security Vendors of 2016.