Office 365 is the fastest growing SaaS offering globally. It is also the most
targeted by hackers today as phishing and ransomware transform into business
models in the Dark Web world. Breaches come from emails and misused identities,
and the attacks only accelerate by the minute. It is high time that Office 365
admins hack-proof their environments, and it is possible with the tools
available from Microsoft: tools for studying, analyzing, warning about and
preventing attacks, and for plugging vulnerabilities.

The recent WannaCry ransomware attack has created a sense of panic among
enterprises using Office 365; remember that other cloud services, too, are not
immune to hacking attacks. Attackers use social engineering to gain access to
the victim’s identity, data and device. It is a security attack vector that
involves tricking someone into breaking normal security procedures.

A social engineer runs what used to be called a "con game." Techniques such as
appeal to vanity, appeal to authority and appeal to greed are often used in
social engineering attacks. Many social engineering exploits simply rely on
people's willingness to be helpful. For example, the attacker might pretend to
be a co-worker who has some kind of urgent problem that requires access to
additional network resources.

Popular types of social engineering attacks include:
Baiting: Baiting is when an attacker leaves a malware-infected physical device, such as a USB flash drive, in a place it is sure to be found. The finder then picks up the device and loads it onto his or her computer, unintentionally installing the malware.
Phishing: Phishing is when a malicious party sends a fraudulent email disguised as a legitimate email, often purporting to be from a trusted source. The message is meant to trick the recipient into sharing personal or financial information or clicking on a link that installs malware.
Spear phishing: Spear phishing is like phishing, but tailored for a specific individual or organization.
Pretexting: Pretexting is when one party lies to another to gain access to privileged data. For example, a pretexting scam could involve an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.
Scareware: Scareware involves tricking the victim into thinking his computer is infected with malware or has inadvertently downloaded illegal content. The attacker then offers the victim a solution that will fix the bogus problem; in reality, the victim is simply tricked into downloading and installing the attacker's malware.

Security experts recommend that IT departments regularly carry out penetration
tests that use social engineering techniques. This will help administrators
learn which types of users pose the most risk for specific types of attacks
while also identifying which employees require additional training. Security
awareness training can go a long way towards preventing social engineering
attacks. If people know what forms social engineering attacks are likely to
take, they will be less likely to become victims.

Fortunately, Microsoft provides enough tools to protect its users, and
especially Office 365 subscribers, from such attacks.

Exchange Online Protection (EOP)
Microsoft Exchange Online Protection (EOP) is a cloud-based email filtering
service that helps protect your organization against spam and malware, and
includes features to safeguard your organization from messaging-policy
violations. EOP can simplify the management of your messaging environment and
alleviate many of the burdens that come with maintaining on-premises hardware
and software.

As a part of Microsoft Exchange Online, EOP by default protects Microsoft
Exchange Online cloud-hosted mailboxes. Exchange Online Protection provides
protection against malicious links by scanning content.

Advanced Threat Protection (ATP)
Securing mailboxes - With Exchange Online Advanced Threat Protection, admins can protect mailboxes against new, sophisticated attacks in real time. By protecting against unsafe attachments and expanding protection against malicious links, it complements the security features of Exchange Online Protection to provide better zero-day protection.
Protection against Unsafe Attachments - With Safe Attachments, admins can prevent malicious attachments from impacting the messaging environment, even if their signatures are not known. All suspicious content goes through a real-time behavioral malware analysis that uses machine learning techniques to evaluate the content for suspicious activity.
Unsafe attachments are sandboxed in a detonation chamber before being sent to recipients. The advantage is a malware-free, cleaner inbox with better zero-day attack protection.
Protection of the environment when users click malicious links - Safe Links expands on EOP by protecting the O365 environment when users click a link. While the content is being scanned, the URLs are rewritten to go through Office 365. The URLs are examined in real time, at the time a user clicks them. URL detonation provides deeper protection against malicious URLs. Not only does Microsoft check a list of malicious URLs when a user clicks on a link, but Office 365 will also perform real-time behavioural malware analysis in a sandbox environment to identify malicious attachments. URL reputation checks are part of Advanced Threat Protection. If a link is unsafe, the user is warned not to visit the site or informed that the site has been blocked. Reporting is available, so administrators can track which users clicked a link and when they clicked it.
Dynamic delivery— Better performance and lower latency for emails with attachments. Users will see a placeholder while attachments are scanned in a sandbox environment. If deemed safe, attachments are re-inserted into the email.
Rich reporting and tracking links in messages - Gain critical insights into who is being targeted in the organization and the category of attacks the organization is facing. Reporting and message trace allow admins to investigate messages that have been blocked due to unknown viruses or malware, while URL trace capability allows admins to track individual malicious links in the messages that have been clicked. Get better insights into malware activity. Security admins will have a new reporting dashboard to see details of malware that Office 365 Advanced Threat Protection is analyzing.
Intelligence sharing with Windows Defender Advanced Threat Protection— Security admins will be able to see malware activity and relationships across Windows 10 and Office 365.
Broader protection— Advanced Threat Protection extends to include protection for SharePoint Online, Word, Excel, PowerPoint and OneDrive for Business.
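
The Safe Links item above says URLs are rewritten to go through Office 365 and checked at click time. The following is an added example, not code from Microsoft or from this article: it audits a message body, recovers the original destination from each rewritten link, and flags links that were not rewritten. It assumes the commonly observed wrapper form, a regional host under safelinks.protection.outlook.com with the destination percent-encoded in a `url` query parameter; the sample body and all hostnames in it are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: wrapper hosts are regional subdomains of this suffix and the
# original destination is carried, percent-encoded, in the "url" parameter.
SAFELINKS_SUFFIX = ".safelinks.protection.outlook.com"
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def unwrap_safelink(link):
    """Return the original URL if `link` is a Safe Links wrapper, else None."""
    parts = urlsplit(link)
    host = (parts.hostname or "").lower()
    # Suffix match on the parsed host, so a lookalike such as
    # safelinks.protection.outlook.com.example.net is not trusted.
    if parts.scheme != "https" or not host.endswith(SAFELINKS_SUFFIX):
        return None
    values = parse_qs(parts.query).get("url")
    if not values:
        return None
    original = values[0]  # parse_qs has already percent-decoded it
    if urlsplit(original).scheme not in ("http", "https"):
        return None  # refuse javascript:, data:, file: and similar
    return original

def audit_links(body):
    """Return (status, destination_host, destination_url) for each URL found."""
    report = []
    for link in URL_RE.findall(body):
        link = link.rstrip(".,;)")  # trailing sentence punctuation
        target = unwrap_safelink(link)
        if target is not None:
            report.append(("rewritten", urlsplit(target).hostname, target))
        else:
            report.append(("not-rewritten", urlsplit(link).hostname, link))
    return report

# Constructed sample message body (not real traffic).
SAMPLE_BODY = (
    "Invoice: https://nam02.safelinks.protection.outlook.com/"
    "?url=https%3A%2F%2Fcontoso.example%2Finvoice%3Fid%3D7"
    "&data=CONSTRUCTED&reserved=0 "
    "Portal: https://intranet.example/login. "
    "Lookalike: https://safelinks.protection.outlook.com.example.net/"
    "?url=https%3A%2F%2Fx.example%2F"
)

if __name__ == "__main__":
    for status, host, url in audit_links(SAMPLE_BODY):
        print(f"{status:14} {host:45} {url}")
```

Grouping the output by destination host lets an analyst compare what users were actually sent to against the click reports described above.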
Threat Intelligence
The Office 365 Threat Intelligence service provides information on security using data from various sources. The data is harvested via the Microsoft Intelligent Security Graph technology. Organizations are being targeted with increasingly sophisticated attacks.
Threat Intelligence helps admins proactively uncover and protect against advanced threats by analysing billions of data signals across Office consumer and commercial services.
It also provides deep insights from cyber threat hunters to create a comprehensive view of malware trends around the world. In addition, Microsoft is integrating signals from Windows and Azure to help customers realize the full benefit of the Microsoft Cloud.
Security admins will see a dashboard with rich insights to do deep investigation of malware and will be able to integrate data with existing security management tools.
Threat Intelligence takes it a step further by alerting security admins and proactively creating and suggesting security policies to help protect against malware. For example, if analytics show that attacks are happening in the financial industry, the service will alert customers in finance and related areas to the trend. Threat Intelligence will also dynamically create and suggest additional security policies to help protect you before they get to your network.

Advanced Data Governance
Microsoft has also brought Advanced Data Governance to Office 365 to help
customers manage the exploding volume and increasing complexity of corporate
data. Microsoft applies intelligence to help admins achieve organizational
compliance and automate data retention.

Enterprises will be able to classify, set policy and take action on the data
that is most relevant for their organization and industry, with recommendations
driven by behavioral analysis and machine learning.

Advanced Data Governance includes the following capabilities:
Import—Intelligently import only the data needed from on-premises and third-party archives using classifications such as age, data type, user or groups, sensitivity or importance.
Policies—Policy recommendations are provided, based on machine assisted insights of the data, classifications, tenant, organization, industry, geography and more. Recommendations may include delete, move, encrypt or share.
Retention—Intelligently preserve only what’s important to the organization by using classifications such as keywords, age, data type, user or group, sensitivity, importance. Integration with line-of-business systems allows admins to trigger retention based upon events, such as creation of a human resources record.

Advanced Data Governance will help organizations apply the right actions to
preserve high value data and purge redundant or obsolete data.

Advanced Security Management (ASM)
Microsoft has launched Advanced Security Management to help give organizations
visibility and control over security in Office 365.

They have added a new feature lately called Productivity App Discovery, which
will help IT pros and security operations teams understand their organization’s
usage of Office 365 and other productivity cloud services. This will help them
to better determine the extent to which shadow IT is occurring in their
organization.

Productivity App Discovery shows usage of Office 365 and other productivity
cloud services. App Permissions will assist in monitoring applications that
users are connecting to Office 365.

Office 365 Secure Score
The Office 365 Secure Score is available to help organizations evaluate their
security level in Office 365. Secure Score analyzes an Office 365 organization’s
security based on its regular activities and security settings and assigns a
score. It is a credit score for security.

Secure Score figures out what Office 365 services an organization is using (like
OneDrive, SharePoint, and Exchange), then looks at the settings and activities
and compares them to a baseline established by Microsoft. O365 admins get a
score based on how aligned they are with best security practices.

Using Secure Score helps increase an organization’s security by encouraging them
to use the built-in security features in Office 365 (many of which they have
already purchased but might not be aware of). Learning more about these
features as they use the tool will help give them peace of mind that they are
taking the right steps to protect their organization from threats.

Admins must check Secure Score reports weekly. A sample list of reports is
presented here:
Sign-ins after multiple failures report
Sign-ins from unknown sources report
Sign-ins from multiple geographies report
Mailbox access by non-owners report
Malware detections report
Sign-in devices report
Account provisioning activity report
Non-global administrators report
Making use of these features that are made available by Microsoft will help enterprises not only defend themselves from hackers but also keep winning the battles against them.