Cyber threats are becoming more common by the day, and they are also becoming increasingly sophisticated. In such an era, the importance of robust cybersecurity measures cannot be overstated.

Office 365 Advanced Threat Protection (ATP) stands out as a pivotal solution, offering comprehensive protection against a range of cyber threats. This article delves into the intricacies of ATP in Office 365, shedding light on how it fortifies digital environments against the ever-evolving landscape of cyber threats.

Understanding Advanced Threat Protection (ATP)

Advanced Threat Protection in Office 365 represents a critical line of defense in the fight against cyber threats. It’s not just a single tool but a suite of tools designed to provide comprehensive protection against various forms of digital attacks. This suite includes mechanisms to detect, prevent, and respond to advanced threats, safeguarding users from all kinds of threats, including malware, phishing, ransomware, and more. The key to ATP’s effectiveness lies in its ability to adapt to the constant tactical changes cybercriminals employ to breach systems.

How ATP Protects Against Cyber Threats

Advanced Threat Protection (ATP) in Office 365 is a comprehensive security solution designed to safeguard against a wide range of cyber threats. Its effectiveness lies in its multi-faceted approach, combining several key strategies to ensure robust digital protection. Let’s delve into how ATP achieves its goal of securing users and organizations from various cyber risks.

Sophisticated Threat Detection Techniques

At the heart of ATP’s defense mechanism is its sophisticated threat detection capabilities. This involves a detailed analysis and filtering of every email that enters the system, searching for indications of phishing, malware, or other malicious content.

This process isn’t just about scanning attachments and links; it extends to scrutinizing email headers, sender information, and the content itself for any suspicious elements. The system employs advanced algorithms and machine learning techniques to understand user behavior patterns. By monitoring these patterns, ATP can quickly identify anomalies that may signify a security breach, such as unusual login locations or times, which are often early indicators of a cyber attack.

Preventive Measures for Enhanced Security

Prevention is a critical aspect of ATP’s strategy. The Safe Links feature is a prime example of this preventive approach. It protects users from malicious links in emails and documents by verifying the safety of each URL in real time. If a user clicks on a link that ATP identifies as dangerous, they are redirected to a warning page, thus preventing access to potentially harmful content.

Similarly, the Safe Attachments feature adds another layer of defense by meticulously scanning email attachments for malware and other threats. Attachments are examined in a secure, isolated environment to detect any hidden malicious activity before they can reach the user’s inbox.

Robust Anti-Phishing Capabilities

Phishing attacks are among the most common and damaging cyber threats today, and ATP addresses this challenge head-on with its advanced anti-phishing capabilities. ATP’s anti-phishing policies are meticulously crafted to identify and block sophisticated phishing attempts.

These policies employ complex algorithms that can detect signs of phishing, including spoofed domains or email addresses that mimic legitimate ones. Another critical component in ATP’s anti-phishing arsenal is its impersonation detection algorithms. These algorithms are designed to identify attempts at impersonation, a typical tactic used in phishing and business email compromise schemes. By analyzing email patterns and comparing them against known baselines, ATP can spot inconsistencies that may indicate an impersonation attempt, thereby thwarting potential attacks.
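As an added illustration of the kinds of checks described above (this is not Microsoft's detection logic and not code from the original article), the Python below applies three simple heuristics to a message's headers: a protected user's display name on the wrong address, a sender domain that looks like the organisation's own, and a Reply-To that diverts to another domain. The tenant domain, the protected user, the look-alike table, the distance threshold and the sample messages are all constructed assumptions.

```python
import unicodedata
from email import message_from_string
from email.utils import parseaddr

# Assumed tenant settings (constructed for this example).
ORG_DOMAINS = {"contoso.example"}
PROTECTED_USERS = {"Dana Whitfield": "dana.whitfield@contoso.example"}
# Visual substitutions folded away before comparing names and domains.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def skeleton(text):
    """Lower-case, strip accents, fold look-alike sequences, squeeze spaces."""
    text = unicodedata.normalize("NFKD", text.lower())
    text = "".join(c for c in text if not unicodedata.combining(c))
    for fake, real in CONFUSABLES:
        text = text.replace(fake, real)
    return " ".join(text.split())


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(raw_message):
    """Return a list of impersonation findings for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []
    # 1. A protected user's display name on an address that is not theirs.
    by_name = {skeleton(n): a for n, a in PROTECTED_USERS.items()}
    expected = by_name.get(skeleton(name))
    if expected and addr != expected:
        findings.append("display-name impersonation")
    # 2. An external domain within one edit of ours after look-alike folding.
    if domain and domain not in ORG_DOMAINS:
        for org in sorted(ORG_DOMAINS):
            if edit_distance(skeleton(domain), skeleton(org)) <= 1:
                findings.append(f"lookalike of {org}")
    # 3. Replies diverted to a different domain than the visible sender.
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].lower().rpartition("@")[2]
    if reply_domain and reply_domain != domain:
        findings.append("reply-to domain mismatch")
    return findings


# Constructed sample messages (headers only matter here).
SAMPLES = {
    "legit": "From: Dana Whitfield <dana.whitfield@contoso.example>\n\nHi",
    "name_spoof": 'From: "Dana Whitfield" <dana.whitfield@freemail.example>\n\nHi',
    "lookalike": "From: Accounts <billing@cont0so.example>\n\nInvoice",
    "combined": "From: Dana Whitfield <dana.whitfield@contosso.example>\n"
                "Reply-To: dw@mailbox.example\n\nPlease wire today",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_sender(raw))
```

Heuristics like these produce false positives (for example, two people who share a name), so in practice they feed a score or a quarantine decision rather than an outright block.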

Real-Time Response and Adaptive Reporting

The real-time response capability of ATP is vital in mitigating threats as soon as they are detected. Upon identifying a potential threat, ATP acts immediately to neutralize it, ensuring minimal impact on the user or organization.

This instant response is coupled with a comprehensive reporting system, which not only informs the IT team of the nature and scale of the threat but also provides insights for future prevention. The adaptive reporting feature of ATP offers an in-depth analysis of threat patterns, helping organizations better understand the risk and tailor their security measures accordingly.

Integration of ATP with Office 365 Applications

Since ATP is the flagship security measure in Office 365, users should know that it offers excellent integration capabilities with other Office 365 apps. One of these is Microsoft Teams. ATP’s integration with Microsoft Teams, deemed one of the most popular video conferencing apps, enhances its effectiveness.

Apart from that, ATP also integrates with SharePoint Online and OneDrive. Its ability to work seamlessly with these applications provides a layer of security that is both unobtrusive and robust. This integration ensures that whether in emails, team collaborations, or document sharing, security is always a priority.

Challenges and Drawbacks of Office 365 Advanced Threat Protection

While Office 365 Advanced Threat Protection (ATP) offers robust security features, it’s not without its drawbacks. One significant limitation is its reliance on user awareness and compliance; even the most advanced systems can be undermined by user error or negligence. Additionally, ATP can sometimes generate false positives, leading to legitimate emails being incorrectly flagged as threats, which can disrupt business communications.

There’s also the aspect of complexity in setup and management; smaller organizations without dedicated IT teams may find configuring and maintaining ATP challenging. Moreover, ATP is predominantly focused on threats within the Office 365 environment, potentially leaving other aspects of an organization’s digital infrastructure less protected. These limitations highlight the need for a balanced and comprehensive approach to cybersecurity, one that integrates ATP with broader security strategies and user education programs.

The Future of ATP in Cybersecurity

As cyber threats evolve, so too will Office 365 ATP. Future developments are likely to include enhancements in areas like machine learning-based impersonation detection algorithms and deeper integration with other security solutions like Microsoft Defender.

Conclusion

Advanced Threat Protection is essential for organizations and individuals relying on the Office 365 suite for day-to-day business operations and collaboration. Its comprehensive approach protects against threats like phishing attacks, malicious files, and business email compromise. As we move forward, the role of ATP in cybersecurity will only grow, making it an indispensable asset for organizations looking to safeguard their digital assets.

 


The post What is Advanced Threat Protection in Office 365 and How Does it Work? appeared first on Cybersecurity Insiders.

By Andy Syrewicze, Microsoft MVP and Technical Evangelist, Hornetsecurity

2023 has seen a host of malicious cyber-attacks targeting a range of organisations from police forces to healthcare providers. The threat landscape has transformed drastically across the course of my career, with as many as 500 potential cyber attacks now being logged every second.

Because of this, it can be more confusing than ever for organisations to understand how to best protect themselves from threat actors. Recent research from Hornetsecurity revealed that almost 60% of businesses are ‘very’ to ‘extremely’ concerned about ransomware attacks; however, one in eight organisations (12.2%) are without a disaster recovery plan. Of those companies, more than half cited a ‘lack of resources or time’ as the primary reason, showing the importance of educating business leaders about how they can avoid cybersecurity horror stories.

The dangers of unmanaged IoT devices

With the rise of smart technology, Internet of Things (IoT) devices have become commonplace in offices and workplaces worldwide. IoT devices can cover anything from smart door locks, fitness trackers and medical sensors to even a refrigerator. At a glance, these devices can appear harmless; however, due to their internet connectivity capabilities, they can be manipulated by threat actors to execute cyber-attacks.

The most striking hack I have observed in my career concerned a smart lighting system in a fish tank which had been manipulated to launch targeted ransomware in an office building. The problem with IoT devices lies in the difficulty of identifying these devices due to their seemingly harmless appearance. I later discovered that this was not as unique as I had first thought – a similar attack occurred at a casino. Thankfully in the case of the fish tank lighting, the attack had a smaller scope and only targeted a handful of computers, meaning that the collateral was minor and easily recovered once the device was identified.

The fact that these attacks stemmed from seemingly harmless IoT devices shows the importance of keeping track of all devices in an office space. By ensuring regular firmware updates are carried out, multi-factor authentication is used for said devices, and/or ensuring that IoT devices are put on a dedicated network, organisations can prevent outside access to administrative elements of IoT devices, which will in turn prevent cyber-attacks.

How Security Awareness Training can prevent phishing horror stories

It’s no secret that phishing is one of the most popular cyber-attack methods, accounting for around 40% of all cyberattacks. Recent Hornetsecurity research revealed that 40% of all email traffic poses a threat, with 5% of daily global email traffic (approximately 19 billion emails) being classed as malicious.

The clear threat to businesses from cyber-attacks has been bolstered thanks to the development of generative AI models which can be manipulated to quickly generate realistic and successful phishing attacks. Phishing attempts prey on human vulnerabilities to embezzle funds out of organisations, and some of the most devastating phishing schemes I’ve seen in my career showcase the importance of educating employees as a preventative method to these attacks.

Another example involves targeted spear phishing against a managed services provider. The CFO received an email that was seemingly from the owner of the company. This email was very cleverly crafted with all correct identifiers, contact details and titles, but the message was somewhat off, in that it was asking the CFO to remit payment for a 72k invoice via direct wire transfer, which was out of the norm. Thankfully the CFO had undergone some security awareness training and was able to identify that this was a spear-phishing attempt. Strangely enough, the MSP had an ongoing project with local law enforcement at the time and ultimately caught the perpetrator, giving this horror story a somewhat happy ending.

In a survey of over 2,000 IT professionals, a quarter (25%) said they were unsure, or incorrectly believed, that Microsoft 365 was immune to ransomware attacks. This false sense of security means that they are unlikely to have bolstered their defences with third-party tools. By offering effective security awareness training, organisations can empower employees with the ability to recognise new cyberattack methods and help foster a sustainable and well-rounded cybersecurity culture equipped to deal with current and future cyber threats.

From witnessing horror stories like these, it’s clear that keeping track of the devices in use within an organisation and staying educated against the current threat landscape is of paramount importance. Organisations must also invest in appropriate, sustainable and robust defence methods to ensure that data remains safe. This could be technical defences including filters and firewalls, monitoring tools and other innovative solutions such as those driven by machine learning as well as deploying a security awareness training programme to foster a sustainable security culture amongst employees.

The post Cybersecurity horror stories and how to avoid them appeared first on Cybersecurity Insiders.

By Daniel Hofmann, CEO of Hornetsecurity

Large Language Models (LLMs) and Generative AI technologies like ChatGPT have brought significant benefits to businesses. However, the potential for misuse and accidental data exposure can lead to high costs for organisations. Recent incidents, such as Samsung’s sensitive data leak through generative AI, underscore the need for careful handling of information when using AI tools. With the rise in use of AI across industries, it’s more important than ever that businesses and employees are able to face the new cybersecurity challenges that this technology is bringing to the fore.

Unveiling New Attacks

Recent research revealed that 90% of all cyber-attacks start with phishing and more than 40% of all emails have the potential to pose a threat to any business. By exploiting generative AI models, malevolent actors can craft near-perfect and highly deceptive phishing emails; and with the right prompts, as we tested in our security labs, it is very simple to ask these models to create ransomware.

Additionally, the rise of ‘deep fakes’ and ‘DeepPhish’ techniques enables scammers to mimic voices and autonomously generate phishing emails that closely resemble genuine communications. AI-driven malware further complicates the security landscape, as it can learn from interactions with cloud environments to evade traditional security measures.

AI-empowered State Hackers

The spread of generative AI is not only a concern for businesses, but it also poses a serious threat to critical infrastructure (CRITIS) and government agencies. Authoritarian states are increasingly using spear phishing attacks to compromise supply security, gather intelligence, and even steal cryptocurrencies.

Businesses and governments must act quickly to prepare and protect their employees and citizens from this new wave of AI-supported cyberattacks. Governments are using a whole host of different tactics to combat the rise in more sophisticated cyberattacks from nefarious states, such as setting up specific teams to disrupt terrorist groups and state hackers. However, having simple yet effective IT measures like email filters, firewalls, and network and data monitoring tools remains as vital as ever.

Guarding against Generative AI

To defend against the malicious use of generative AI and increase data protection and recovery, businesses must prioritise strong cybersecurity practices.

Firstly, companies need to make informed decisions regarding the pros and cons of using AI, namely whether its usage outweighs the risks. Internal policies on the usage of sensitive information with AI tools are a must if a company does not want to run the risk of accidentally divulging company secrets through the uncontrolled use of generative AI.

Secondly, investing in cybersecurity infrastructure, personnel, and tools is essential for staying ahead of evolving threats. While cloud services like Microsoft 365 offer some level of built-in protection against spam and malware, this tends to be entry-level, so organisations would do well to implement add-on solutions to enhance security.

Finally, and most importantly: it is essential to implement employee cybersecurity training. Simulated spear phishing attacks help to prepare and educate staff on identifying potential threats and taking the appropriate action because ultimately a business’s employee is the final line of defence. As enabling as AI is in the creation of targeted attacks, phishing is still phishing.

AI has the potential to reshape cybersecurity in ways that make malicious activity easier to execute and harder to detect. Responsible AI development and collective efforts of businesses in regard to cybersecurity can also fortify defences and protect critical infrastructure.

The post Fortifying Defences: Cybersecurity in the Dawn of AI appeared first on Cybersecurity Insiders.

 Most backup and security vendors overlook this vital communication channel

  • 70% of respondents exchange more direct messages with colleagues via User Chats than Group Channel Conversations
  • 45% send confidential and sensitive information frequently via Teams
  • This rises to 51% often sharing business-critical information
  • 48% of all respondents have accidentally sent Teams messages that should not have been sent 

Leading cybersecurity software provider Hornetsecurity has found an urgent need for greater backup for Microsoft Teams with nearly half of users (45%) sending confidential and critical information frequently via the platform. Research commissioned by the company highlights the often-overlooked need for Teams backup and security, as internal business communications over chat are on the rise, reaching the same levels as communication via email. The research was conducted by techconsult, an established German IT research and analyst firm.

 

User behaviors on Teams are ripe for data loss

Teams User Chat (direct) messaging is the preferred form of business communication over Teams Channel Conversations for 90% of respondents, and more than 41% of people send a minimum of 10 User Chat messages a day. Just over a quarter of all messages (26%) are written in Teams Group Channel Conversations, showing communication is unevenly spread across the platform. 

 

Nearly half (45%) of respondents frequently share confidential and sensitive information via Teams with 51% often sending business-critical documents and data. Users tend to send such information more when they use personal devices; 51% of those on a personal device send restricted and confidential data, compared to 29% of people on a work device.

 

It’s easy to make mistakes

The survey also found that 48% of all respondents sent messages on Teams they should not have. Of this group, 88% had been trained in the use of collaboration solutions, highlighting the need for increased and improved training on how to use Teams and the risks of sending sensitive data.

 

Urgent need for companies to scrutinise Teams backup, security and training

Over half of respondents (56%) see employee training and awareness as the primary approach to reducing cybersecurity risks. However, with 89% of respondents writing more User Chat messages than Group Channel Conversations, it is important to use a backup solution that protects all collaborative features on Teams.

 

Hornetsecurity’s CEO Daniel Hofmann said, “The increasing use of chat services has changed the way many now conduct work. With this change, the risk of data loss has unfortunately increased. Companies must have adequate safeguards in place to protect and secure business data. Otherwise, they run the risk of productivity, financial and data loss.

 

This is because Microsoft does not provide robust protection of data shared via Teams – so beyond the cybersecurity vulnerabilities, organisations must ensure information and files shared across the platform are backed up in a secure, responsible way. This is why we’re proud to offer Hornetsecurity’s 365 Total Backup, the only major third-party backup provider to protect the full range of Teams communications, from User Chats to Group Channel Conversations.”

 

For further information and a full copy of the survey: https://www.hornetsecurity.com/us/services/365-total-backup/teams-backup/

 

Notes to editors:

The Teams Backup survey by techconsult for Hornetsecurity was the result of:

  • Quantitative online survey in August 2022
  • Questionnaire with 19 questions
  • 540 participants from companies with at least 50 employees from all industries

 About Hornetsecurity

Hornetsecurity is the leading security and backup solution provider for Microsoft 365. Its flagship product is the most extensive cloud security solution for Microsoft 365 on the market, providing robust, comprehensive, award-winning protection: Spam and virus filtering, protection against phishing and ransomware, legally compliant archiving and encryption, advanced threat protection, email continuity, signatures and disclaimers. It’s an all-in-one security package that even includes backup and recovery for all data in Microsoft 365 and users’ endpoints.

Hornetsecurity Inc. is based in Pittsburgh, PA with other North America offices in Washington D.C. and Montreal, Canada. Globally, Hornetsecurity operates in more than 30 countries through its international distribution network. Its premium services are used by 50,000+ customers including Swisscom, Telefónica, KONICA MINOLTA, LVM Versicherung, and CLAAS.

The post Hornetsecurity Research Reveals Microsoft Teams Security and Backup Flaws With Nearly Half of Users Sharing Business-Critical Information on the Platform appeared first on Cybersecurity Insiders.