Which attacks bypassed O365 ATP?
In the last couple of weeks, we noticed a significant increase in the number of threats bypassing O365 ATP. We observed the same trend across multiple customers and industries, all in the US. Interestingly, most of these attacks were phishing campaigns, impersonating Microsoft.
Detecting cyberthreats that bypassed O365, along with other advanced email security solutions such as Proofpoint TAP and G Suite Enterprise, is not new to us. As BitDam’s Advanced Threat Detection is located as a last line of defense, it detects all those threats that were missed by the first line email security in place. If you’d like to learn more, you can always check out the most recent cyberattacks in the wild and which security solutions they missed in this live dashboard.
With that said, in the past two weeks, we noticed something different. Between May 13th to May 27th we have seen a drastic increase in the number of cyberattacks that were missed specifically by O365 ATP across most of our customers in the US. This includes malicious files and phishing links delivered by email. Here is some interesting statistics:
- 67% of the malicious emails misses by O365 ATP were phishing emails, the other 33% contained malware
- 90% of the phishing emails tried capturing credentials for Microsoft’s products, many of them by using notifications such as ‘a document is waiting for you’, or ‘a voicemail is waiting for you’.
- 98% of the malicious files were excel files, with many of them using macros
- 89% of the malicious excel files included ‘invoice’, ‘receipt’ in their filename
Since we have expanded our offering from malware detection only to providing also phishing protection, our researchers see constant growth in the number of phishing attacks. In the past few weeks, this trend was accelerated, and they have observed a significant spike in this type of attack. While it’s a known fact that phishing is the leading threat exploiting COVID-19, we were surprised to see the portion of phishing attacks that bypass O365 ATP, one of the leading email security solutions in the market. In one case, protecting a customer that uses O365 ATP, BitDam detected 29 malicious files in one day (!) targeting mainly the organization’s executives.
To get a real and continuous picture of how protected your email is against TODAY’s threats – which attacks are missed by your current email security and what types of attacks are putting your organization at risk – sign up for BitDam’s next generation Breach & Attack Simulation here. Spoiler: you’re going to be surprised…