• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Business   »   Stop Office 365 Credential Theft with an Artificial Eye

Stop Office 365 Credential Theft with an Artificial Eye

  • Posted on:September 25, 2018
  • Posted in:Business, Microsoft, Security
  • Posted by:
    Chris Taylor
0

We all know that email remains by far the number one threat vector facing organizations today. Trend Micro blocked more than 20.4 billion threat in the first half of 2018 alone, nearly 83% of which were email borne. But there’s more: corporate email accounts have also become a key target for attackers in their own right. And as Office 365 becomes ever-more popular, its log-in page increasingly represents the frontline in the battle against phishing attacks designed to hijack email accounts. According to Osterman Research, email account takeovers now represent over two-fifths (44%) of enterprise attacks.

That’s why Trend Micro has developed a new layer of defense to add to our formidable range of email security offerings: innovative capabilities leveraging computer vision and AI to block attacks in real-time.

Office 365 email under attack

Why are email accounts so highly prized by attackers today? Because email still largely represents the nexus of an employee’s online profile. With the all-important log-ins to that account, hackers could access highly sensitive information from the inbox itself, or perhaps use the account as a “stepping stone” into other corporate systems. They could, for example, use access to craft a highly convincing phishing email sent to that employee’s colleagues elsewhere in the organization. Poor password management by employees also means that once email log-ins have been phished, an attacker could potentially also crack the victim’s other corporate accounts.

The growing popularity of Office 365 makes these log-ins a prime target for cyber-criminals. Typically a phishing email will be sent to an employee convincing them to click on a link to a website. Classic social engineering tactics are used to convince them to do so: ie, by claiming the mailbox is full; that there is an account issue that needs addressing; or potentially even that there’s an Office document a colleague wants to share.

The fake Office 365 log-in website the user is taken to can look extremely convincing. The form itself looks identical to the real version, with the same Microsoft favicon. Often the site also has a valid SSL sign and sometimes they are even set-up within a legitimate domain — making it extremely difficult for the untrained eye to spot.

Seeing the Fakes with Computer Vision and AI

Trend Micro has always been aware of the huge threat posed by phishing. That’s why we offer multiple layers of protection against malicious sites like these leveraging one of the largest threat intelligence networks on the planet, the Smart Protection Network. Now we’re introducing another tool, which blends computer vision technology with artificial intelligence to “see” fake websites.

We’ve implemented this technology on our API-based Office 365 protection service, Trend Micro Cloud App Security, which provides a second layer of advanced protection to Microsoft Office 365. The additional computer vision technique is applied to suspected phishing emails after Microsoft Exchange Online Protection and after Trend Micro filtering based on sender, content, and URL reputation. The remaining suspected URLs are further analyzed on-the-fly with the computer vision technique. Even after all of these other filtering methods, the Computer Vision + AI technology detected an additional 33,000 Office 365 credential phishing emails last month for a limited number of Cloud App Security customers.

 

Detecting existing Email Account Takeover Attacks

If an email account has been compromised via other means (malware on device, drive-by download…), Cloud App Security can detect if the account starts sending phishing emails externally or internally within the organization with advanced analysis of the content, URLs, and attachments for maliciousness.

Computer Vision+AI credential phishing detection has been working in the backend for Cloud App Security since April. In the October Cloud App Security release, the logs will start showing which URLs were detected with this new technology as credential phishing sites/emails. You can learn more about Cloud App Security at www.trendmicro.com/office365,

Related posts:

  1. How Trend Micro can help you navigate the changing email security landscape – Forefront, McAfee and Office 365
  2. Beyond Catching Sender Spoofing – using AI to stop email fraud and Business Email Compromise
  3. How We Boost the Security of Office 365 by Blocking 3.4 Million High-Risk Email Threats
  4. How Artificial Intelligence and Machine Learning are improving cybersecurity

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Cloud-based Email Threats Capitalized on Chaos of COVID-19
  • Detected Cyber Threats Rose 20% to Exceed 62.6 Billion in 2020
  • Trend Micro Recognized on CRN Security 100 List
  • Trend Micro Reports Solid Results for Q4 and Fiscal Year 2020
  • Connected Cars Technology Vulnerable to Cyber Attacks
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.