Of 10 million e-mails verified in September 2017, Office 365 missed nearly 1 million spam, phishing, and other e-mails that contained malware.
By Tallen Harmsen, head of IndigoCube Cyber Security
Of that number, the darkreading.com story continues, about 34 000 were phishing mails, which was not too surprising, but what was a little surprising and even concerning was that around 2 500 of the mails contained malware that was well documented.
The security researcher quoted notes that 2 500 is a very small part of the total, around 0,4%, but that it is the most dangerous part and should have been easily netted using simple threat signatures.
And who is to blame for the total 10% of spam, phishing, and malware mails sneaking through? Microsoft or the customer? Both should actually shoulder at least partial responsibility. Users apparently misconfigured their systems and their policies were poor. But Microsoft is said to rely on reputation-based filtering that uses a database that lags today’s surge of distributed attacks that involve malware, phishing, spam, and botnets associated with fresh IPs.
Microsoft’s solution is particularly reliant on reputation-based filtering. That means their knowledge is only as good as the database. Today’s commonly distributed attacks typically involve many fresh IPs so the database cannot pick them up. Tracking new IPs is extremely difficult and only reliable following an attack, which means it’s too late.
IP-based filtering is a necessary security layer but it cannot be the only one. That’s why we ally it with deep threat intelligence from the dark web, in real time, combined with reputational data to get the most comprehensive, up-to-date information on the threat landscape.
It’s the only way to get a five-times hash indicator increase, enriched with intelligence from the dark web, on-demand lookup of five billion files for real-time intelligence, and combined with context for over 10 million hashes historically observed and enhanced with additional intelligence.
The result is that cyber threat prevention benefits through real-time intelligence enrichment.
Had Microsoft used this approach, it would have had updated information on new IP addresses associated with distributed attacks. But its traditional reputational approach simply can’t cope in our modern world of evolved cyber attacks. And it’s an approach that keeps you a step behind the hackers.
It pays to at least keep pace with the baddies. Missing a million spam, phishing, and malware mails isn’t quite keeping pace. Microsoft has undoubtedly remedied the situation. Shouldn’t you?