FBI: Existing Cloud Email Protection Inadequate Against Phishing, Ransomware

For the second time within a month, the FBI is warning of sophisticated COVID-19 related business email compromise (BEC) scams exploiting cloud email services to steal users’ account credentials, and is urging businesses to take immediate action by implementing critical additional layers of protection in Microsoft 365 and Google Workspace.

More organizations than ever are migrating to cloud-based email - especially with many employees being asked to work from home in the midst of the current pandemic - and threat actors are keeping pace, directing more attacks than ever at Microsoft 365 and Google Workspace users than ever before. Guardian Digital has identified and blocked more malicious emails targeting Microsoft 365 users in March of 2020 than in any other month since the company’s inception in 1999. 

Although the threat that BEC and credential theft pose in Microsoft 365 and Google Workspace has been heightened by the recent COVID-19 outbreak, attacks targeting cloud email are nothing new. Between January 2014 and October 2019, the Internet Crime Complaint Center (IC3) received complaints totaling over $2.1 billion in actual losses due to BEC scams targeting Microsoft 365 and Google Workspace. Both the prevalence and the success of these attacks can be attributed to the fact that, without additional layers of security, these cloud platforms are inherently vulnerable - making them a highly attractive target for cyber criminals. According to the FBI, “Thirty percent of phishing attacks make it through existing systems and are opened by target users.” Clearly, the security features that constitute Microsoft Exchange Online Protection (EOP) - the default protection in Microsoft 365 - are glaringly inadequate, leaving users susceptible to credential theft, account takeovers and other advanced exploits. Is insufficient cloud email protection leaving your users - and your business - in danger? 

How BEC Scams Targeting Cloud Email Services Work

To abuse cloud email services, threat actors use email service-aware phish kits that closely imitate the services' interface. The phish kits are designed to deceive employees into handing over account credentials. Targets are directed to these phish kits via large-scale phishing campaigns.

Once employees’ credentials are in the hands of attackers, they are able to analyze the compromised accounts for financial transactions. The FBI elaborates, “Using the information gathered from compromised accounts, cybercriminals impersonate email communications between compromised businesses and third parties, such as vendors or customers. The scammers will then impersonate employees or business partners, with the end goal of redirecting payments to bank accounts they control.” Thieves will also use compromised information to launch additional phishing attacks and compromise other businesses, enabling them to easily target other organizations within the same or similar industry sectors.

Email Risk is Magnified for Small Businesses

Guardian Digital has noticed that these dangerous BEC attacks designed to exploit the COVID-19 pandemic are targeting businesses of all sizes in all industry sectors, with a disproportionate amount of exploits victimizing small businesses. This trend is consistent with the FBI’s findings: “Although Google Workspace, Microsoft 365, and other popular cloud-based email services come with built-in security features that could help block BEC attempts, many of these features aren't enabled by default and have to be manually configured or toggled on by IT admins and security teams. Because of this, small and medium-size organizations, or those with limited IT resources, are most vulnerable to BEC scams.” Thus, additional protection for cloud email is especially critical for small businesses. Guardian Digital CEO Dave Wreski explains, “It is crucial that small companies with limited resources and funding to put toward security implement a fully-managed email security solution designed to fortify cloud email with the additional layers of security necessary to combat today’s sophisticated attacks. Guardian Digital EnGarde Cloud Email Security makes enterprise-grade email protection available to small- and medium-sized businesses at affordable prices, eliminating the need for a full-time IT department or mail administrator.”

Best Practices for Mitigating BEC Risk in Microsoft 365 and Google Workspace

In addition to implementing a solution that provides the critical additional layers of security that are necessary to defend against attacks exploiting cloud email, the FBI urges users to engage in the following best practices to prevent BEC attacks:

• Enable multi-factor authentication for all email accounts.
• Verify all payment changes and transactions in-person or via a known telephone number.
• Educate employees about BEC scams, including preventative strategies such as how to identify phishing emails and how to respond to suspected compromises.

The FBI suggests that IT administrators take the following measures to mitigate BEC risk:

• Prohibit automatic forwarding of email to external addresses.
• Add an email banner to messages coming from outside your organization.
• Prohibit legacy email protocols such as POP, IMAP, and SMTP that can be used to circumvent multi-factor authentication.
• Ensure mailbox logon and settings changes are logged and retained for at least 90 days.
• Enable alerts for suspicious activity such as foreign logins.
• Enable security features that block malicious email such as anti-phishing and anti-spoofing policies.
• Configure Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication Reporting and Conformance (DMARC) to prevent spoofing and to validate email.
• Disable legacy account authentication.

Defense-in-Depth: The Key to Protecting Microsoft 365 and Google Workspace Users

Defense-in-depth is essential to safeguarding users in Microsoft 365, Google Workspace and other cloud platforms. The default security provided within these platforms is no match for today’s advanced exploits, and organizations cannot rely on administrators to configure their email service to be 100 percent secure. Multiple layers of additional protection working harmoniously to detect and stop threats to cloud email in real-time and are most effective in protecting users in these platforms.

The need for effective, multi-layered cloud email protection has never been greater. Guardian Digital recognizes the importance of fortifying cloud email with additional layers of real-time protection and offers clients comprehensive, full-managed email vigilance in Microsoft 365 and Google Workspace, providing companies with the invaluable peace of mind that their employees are safe in this dangerous, frightening time.

Key benefits of choosing Guardian Digital to secure your cloud email include:

• Multi-layered, real-time defense against social engineering and impersonation attacks
• Tighter security, adaptive implementation and eliminated risk of vendor lock-in through the use of a transparent, collaborative development approach
• Scalable cloud-based system simplifies deployment and increases availability
• Expert, caring around-the-clock customer support services and remote system monitoring

Download Guardian Digital’s free Microsoft 365 protection guide to learn more about the inherent vulnerability of cloud email services and how EnGarde Cloud Email Security safeguards users in Microsoft 365.