Mid-March, merely a few months ago, I wrote my blog text regarding how the changes in our daily routines during COVID-19 pandemic will attract malicious and criminal actors’ attention. At that time, we had already seen COVID-19 related phishing and other ambiguous emails from offenders and ill-doers. Now that few months has passed it has become quite clear the prolonged situation is attracting more and more criminals to take advantage of the situation.
We have also noticed the change in our security workshops with our customers. With most of our customers the majority of COVID-19 related phishing and malware email based attacks are being stopped by O365 ATP solutions, but as always, a small number of these attack emails find their way through all the filters ending in recipients inboxes. And it is these emails we should be worried about – especially from the point of what the recipient did with the malicious email they received.
The fact the recipient received a malicious email does not necessarily mean the recipient lost their credentials to attackers or their computers are now full of malware. No, it only tells us the fact the email was delivered.
Follow the URL use
To understand what happened next after the delivery, organizations need totally new set of security tools. O365 ATP Safe Links and Safe Attachments will enable an extra layer of protection before the email or attachment in it will be delivered to a recipient.
In case the email avoids the extra detection layer and gets delivered to a recipient, the Safe Links functionality will give organizations security experts an enhanced view to what the recipients did with the email: did they delete it or did they click the link on the email. And if they clicked, the security experts can now concentrate on those emails and recipients to avoid further problems such as recipients losing their credentials to malicious actors.
Monitoring and governing enormous amounts of emails and acting upon only the ones which need security experts’ attentions is undoable without right security and monitoring tools without forgetting the right kind of training to security experts and employees of an organization.
This is where Sulava can help you. We can deliver online training to both experts and employees; we can help to implement O365 ATP with all its’ options in use. Also, we can help you to understand the current risks to your cloud environment by delivering our Security Workshop.
Do not hesitate to contact us. We can have a short discussion e.g. on Teams or phone about your situation after which we will propose you an appropriate approach to your problem and help you to secure your O365 email situation.
For further reading:
Open-sourcing new COVID-19 threat intelligence – Microsoft 14.5.2020
d
Marko Mikkola
Consulting & Training
Marko on tehnyt työtä asiakkaiden kyberturvan ja tietosuojan parissa parin vuosikymmenen verran. Markon vahvuuksiin kuuluu teknisen osaamisen lisäksi ymmärrys siitä, miten yritysten ihmisille tulee viestiä kyberturvasta ja tietosuojasta malleilla, joilla pyritään rakentamaan yrityksille ihmiskeskeinen kyberturvakulttuuri.