Over the six-month period from March to August 2020, over 925,000 malicious emails managed to bypass Office 365 defenses and well-known secure email gateways (SEGs), an Area 1 Security study reveals.
How criminals bypass Office 365 defenses
Attackers increasingly use highly sophisticated, targeted campaigns like business email compromise to evade traditional email defenses, which are based on already-known threats.
Attackers also often use Microsoft’s own tools and branding to bypass legacy defenses and email authentication (DMARC, SPF, DKIM).
In one example where a customer layered Office 365 with an SEG, more than 300,000 malicious messages were still missed
There was a steady increase in targeted BEC attacks — including Type 3 (account takeover-based) BECs and Type 4 BEC (supply chain phishing), which would have amounted to several billion dollars in potential losses, and
Spoofed senders and newly registered domains accounted for 71.7 percent of the mi ..
Support the originator by clicking the read the rest link below.
