Alert: Microsoft’s email security lets fake Zoom emails in
There is a new phishing email in the neighborhood. Even though it leads to a fake Office 365 login page, Microsoft struggles to detect it, and for days now it has kept bypassing not just the basic Microsoft email security but also the premium security, Microsoft Defender for Office 365 (also known as Office ATP).
This phishing campaign, which BitDam detected at first encounter last week, started small and after 24 hours was sprayed all over. BitDam ATP first detected this phishing email in the UK on December 2nd. While I’m writing this blog post it has already spread to the US and other countries, targeting organizations of all sizes and from a variety of industries.
Like many other phishing attacks aiming to harvest Microsoft users’ credentials, this attack is sent via email. The email looks like an invitation to a Zoom meeting that contains the link to the video conference. The email messages are all identical and look like this:
While the message might not seem identical to the normal Zoom meeting email invitation (it typically includes a ‘Passcode’ rather than ‘PIN’ and doesn’t include the dial in numbers), it may trick the user. Moreover, even if the user is suspicious, he or she is very likely to go on and click the link once they see the URL looks perfectly real.
Clicking the link leads to a fake Microsoft Outlook login page. In all the attacks we’ve identified, this page was hosted on various Google services that allow hosting, such as googleusercontent.com or Google Storage API. The phishing page looks like this:
We saw different URLs and hosting websites used in this campaign, but all of them led to web pages that look almost the same, trying to phish for Microsoft credentials.
Not surprisingly, the attackers use various URLs and keep changing them, probably in order to avoid reputation-based engines used by Microsoft and other security controls, which may identify the link after it has been used for a while or reported as malicious. Unfortunately, in this campaign, some of the URLs were live for 24 hours or more (we didn’t check all of them, but the ones we did were kept live for way too long).
Why is this attack interesting?
It may be hard to believe but we see phishing scams that bypass Office ATP every day. We even see a lot of phishing emails that lead to fake Microsoft webpages which go undetected by Microsoft itself. Unfortunately, this isn’t new either.
So what’s so interesting about this specific campaign? First, its volume. We saw it spreading quickly among our customers that use Microsoft email security worldwide, and Microsoft kept missing it again and again. Secondly, there is a new social engineering angle used here – the attackers could have used a clickable button instead of writing out the entire URL. Instead, they decided to include the URL in the email body to reduce suspicion, as some users wouldn’t click buttons or hyperlinks in unexpected emails. Once the attackers have gained the user’s trust early in the ‘journey’, the user is more likely to keep believing and enter the credentials when requested.
Why does Microsoft’s Office ATP miss this attack?
We suspect that Microsoft doesn’t identify this phishing email campaign because Microsoft email defenses are based on statistical models and reputation. As long as the attack is new and has not spread widely, Microsoft will not detect it. In addition, the constant changes to the specific URLs used in this campaign make it difficult to track when detection is based on reputation. Hosting on legitimate Google websites makes it even harder.
BitDam, on the other hand, doesn’t base its detection on knowledge about past attacks, which allows BitDam ATP to detect and stop new threats when they’re seen for the first time.
How to avoid such attacks?
The easiest way is to augment the security you get from Microsoft with a dedicated, more advanced email security defense layer that uses a different technological approach and detects such phishing attacks and other threats that Microsoft tends not to identify when they’re still new.
If you don’t have such a solution in place, it’s recommended to hover the mouse over the link and verify that it goes to the Zoom website. Many organizations use URL rewriting (e.g. safelinks or urldefense), which prevents users from actually seeing the domain the URL is pointing to. In that case, it is OK to click the link, but never enter your Office 365 credentials. If you think about it, why should Zoom need your Office 365 authentication?
And last but not least, if you aren’t sure about a link, you can always scan it using BitDam online URL scanner and you’ll know if it’s a phishing scam in seconds.
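The hover check described above can be automated for a mail body even when links are rewritten. The following is an added example, not BitDam's code: it unwraps Microsoft Safe Links and Proofpoint URL Defense v2 links, then compares each link's visible text with its real target. The sample email, the `constructed-bucket` path, the `.example` host and the use of `storage.googleapis.com` for "Google Storage API" are assumptions made for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, unquote, urlsplit

# Hosting named in the post. storage.googleapis.com is an assumption about
# what "Google Storage API" refers to.
SHARED_HOSTING = ("googleusercontent.com", "storage.googleapis.com")


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""


def under(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def unwrap(url, max_depth=5):
    """Peel Safe Links and Proofpoint URL Defense v2 wrappers off a URL."""
    for _ in range(max_depth):
        try:
            parts = urlsplit(url)
        except ValueError:
            break
        query = parse_qs(parts.query)
        host = host_of(url)
        if under(host, "safelinks.protection.outlook.com") and "url" in query:
            url = query["url"][0]  # parse_qs has already percent-decoded it
        elif (host == "urldefense.proofpoint.com"
              and parts.path == "/v2/url" and "u" in query):
            # v2 encoding: '-' stands for '%' and '_' stands for '/'
            url = unquote(query["u"][0].replace("-", "%").replace("_", "/"))
        else:
            break
    return url


class _Anchors(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def audit_links(html_body, expected_domain="zoom.us"):
    """Return the real target of each link and the reasons to distrust it."""
    parser = _Anchors()
    parser.feed(html_body)
    results = []
    for href, text in parser.links:
        target = unwrap(href)
        host = host_of(target)
        is_url = text.lower().startswith(("http://", "https://"))
        shown = host_of(text) if is_url else ""
        findings = []
        if shown and shown != host:
            findings.append("visible-url-mismatch")
        if any(under(host, h) for h in SHARED_HOSTING):
            findings.append("shared-hosting-target")
        if expected_domain in host and not under(host, expected_domain):
            findings.append("lookalike-of-expected-domain")
        results.append({"target": target, "host": host, "findings": findings})
    return results


# Constructed sample body: every URL below is made up for this example.
CONSTRUCTED_EMAIL = """
<p>Join: <a href="https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fstorage.googleapis.com%2Fconstructed-bucket%2Findex.html&amp;data=x">https://zoom.us/j/0000000000</a></p>
<p><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__zoom.us_j_0000000000&amp;d=x">https://zoom.us/j/0000000000</a></p>
<p><a href="https://zoom.us.meeting.example/j/1">Open meeting</a></p>
"""
```

Only the second link in the sample comes back clean: the first shows a Zoom URL but resolves to shared hosting, and the third merely starts with the expected domain.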
Alert: The new phishing combo trick that bypasses Office ATP
A few weeks ago, BitDam ATP detected an outstanding attack that was sent over email to one of our European customers and easily bypassed Office ATP. We analyzed it and since it was super-targeted, we assumed it’s a one time thing and moved on.
Surprisingly, since then we detected a few other attacks that use the same tactic. That’s when I thought it’s worthwhile to tell you guys about it!
Legitimate Sender and Email Address
It all starts with an email that is sent from a real legitimate email account. Seems like the hacker gained control over a mailbox of a real person. Moreover, in all these instances that we detected, the sender was from an organization that is in constant relationship with the targeted organization. Obviously, the attacker did some research prior to launching the attack. He or she targeted a specific organization and searched for vulnerabilities in the organizations surrounding that target – vendors, clients or service providers. Once such an opening was found, the attacker used it to take over a real email and send messages on behalf of a real user. Since this is a very targeted scam, it is likely that the compromised email owner didn’t even notice that an email that he was not intending to send was sent out of his mailbox.
Hiding Phishing in a Multiple-hop Journey
The next step was luring the receiver to click something. In one of these cases, the receiver was sent a “document” that he was requested to sign using DocuSign. Clicking the DocuSign button took him to a fake DocuSign page hosted on SharePoint, with a button saying “Please proceed here”. Clicking that, the user was transferred to a phishing webpage that looks exactly like a Microsoft login page, asking for the victim’s Microsoft credentials.
In another case, the excuse was “SENDER shared a file with you” using the sender’s real name.
Clicking the ‘open file’ button leads to what looks like a OneDrive webpage, which requires another link to access the document. This link is the phishing URL – taking the victim to a OneDrive login page that asks for username and password.
The first hop in all these attacks was hosted on SharePoint, which makes them more reliable and helps them to evade both email security and suspicious users.
Why are these attacks so dangerous?
These targeted attacks are extremely dangerous for two main reasons:
Office ATP misses them. Even though BitDam ATP stopped them, they are proven to bypass Office ATP as well as other email security solutions. Why? First, since these attacks are very targeted and unique, they go below the radar of statistic-based security solutions. Secondly, because the phishing link is hidden behind several steps (a few clicks are required before getting to the phishing URL), and most security solutions fail to follow all these steps when scanning emails.
They look very real! Sent from a real person’s mailbox, who the victim is in touch with, going through several web pages that all look legit and asking to login in order to access a file. All that looks like a normal and legit journey to access a file that someone you work with sent you. None of this is out of context so there is no reason the receiver will be suspicious.
The main thing that makes these attacks so unique and successful is the trick they are using in order to evade anti-phishing solutions. Combining multiple hops while counting on the user’s behavior to move from one hop to another, makes it almost impossible for email security solutions to identify that there is a phishing URL hiding there.
This, combined with the fact that these attacks are used rarely and are very targeted, makes them undetectable by security solutions that base their verdict on statistical and machine learning models, such as Office ATP and Proofpoint TAP. Using a different scanning approach that is 100% attack agnostic and doesn’t rely on knowledge of other threats, BitDam detects these attacks.
The Benefits of Targeted Attacks
In our video series ‘Get into The Phisher’s Mind’ which covers the decisions hackers have to make when they plan a phishing scam, we discussed spraying vs. cherry-picking. As you can easily tell, the attackers in these cases chose to go cherry-picking and tailored the attack to their specific target.
The cost for the attackers creating such a focused scam is clear – higher investment per attack. So why would they do that? The reason is that with such a targeted method, these attacks go below the radar of reputation and statistic-based detection engines, which dramatically reduces their chances of being caught. Since many organizations these days still count on Office ATP as their main email protection, it’s safe to assume that the attack will reach the victim’s mailbox and he or she will be tricked.
The bottom line is that no matter how educated the receiver of these attacks is about phishing, the chances to realize that this is a phishing scam are very low. In addition, the commonly used anti-phishing solutions are struggling to detect these multiple-hop phishing attacks, especially if they are rare or targeted, so the risk is high.
What Can Be Done?
Trying to finish this post with a positive tone, I would encourage you to test your email security against the newest and most sophisticated threats that are out there, and would offer to protect your email and other collaboration tools using an advanced solution like BitDam’s. You can register for a free trial and see how effective it is on your own.
An old threat has resurfaced, and in its latest guise, it has been able to consistently bypass Office ATP security measures.
For over six months now we’ve seen this method of attack actively using Excel4Macro to deliver dangerous malware – including hundreds of such attacks in the U.S in the past few weeks. These attacks keep coming, and at BitDam we’ve noted more than 500 unique incidents within the past two weeks of October.
It’s not just Microsoft Office ATP that’s missing this threat – other advanced email solutions are being bypassed over and over again.
The malware in question is called zLoader. In this piece, we’ll look at it in more detail, including the steps you can take to ensure you’re safe from this type of attack.
zLoader is back
zLoader is a variant of the Zeus banking malware, which was first spotted in the wild in 2006. It is deployed onto a victim’s infrastructure through Office macros, and is then able to steal passwords, make financial transactions and exfiltrate sensitive data.
This latest version of zLoader includes numerous evasion and obfuscation techniques. For example, it does not fetch the payload unless certain criteria are met, like a sound card being present. This, along with other techniques such as junk code and encrypted strings, has helped this campaign be so successful.
What does it actually look like?
This Excel4Macro attack, as the name suggests, takes advantage of Excel macros – essentially an automated set of actions.
Initially the user is presented with an Excel spreadsheet that attempts to convince them to “enable editing” and “enable content” and thus circumvent default Microsoft security features. To do this, various ploys are used: from “download this invoice” to “a family member has been exposed to COVID-19”.
Varying degrees of sophistication are employed. What follows is a relatively simple example. Note the ruse and the calls to action.
As you can see, there is another sheet or tab present. If one were to open it up and search for non-empty cells, the Excel4Macro attack would be immediately visible. Here’s a sample of it:
This threat, however, is constantly evolving. The way it is being used now is more complex and sophisticated than ever before, with the threat actors finding increasingly devious ways to obfuscate the Excel4Macro element of the attack.
Not content with stopping there, they are now even using new functions of Excel4Macro to evade current Office ATP detection techniques, fetch the zLoader malware from a remote server, and run it on the victim’s machine.
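The "open the other sheet and search for non-empty cells" check described above can be scripted for triage. The following is an added example, not BitDam's tooling: it assumes the workbook is an OOXML (.xlsm) package, where Excel 4.0 macro sheets are separate parts with their own content type (legacy .xls files need a BIFF parser instead). The sample workbook, its sheet names and its cell contents are constructed, and the watchlist of XLM functions is illustrative.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

MAIN = "{http://schemas.openxmlformats.org/spreadsheetml/2006/main}"
DOCREL = "{http://schemas.openxmlformats.org/officeDocument/2006/relationships}"
PKGREL = "{http://schemas.openxmlformats.org/package/2006/relationships}"
CTYPES = "{http://schemas.openxmlformats.org/package/2006/content-types}"
MACROSHEET_TYPE = "application/vnd.ms-excel.macrosheet+xml"
# XLM functions worth a second look during triage (illustrative, not complete).
WATCHLIST = ("EXEC", "CALL", "REGISTER", "RUN", "FORMULA")


def macro_sheet_report(xlsm_bytes):
    """List every Excel 4.0 macro sheet with its visibility and non-empty cells."""
    with zipfile.ZipFile(io.BytesIO(xlsm_bytes)) as pkg:
        types = ET.fromstring(pkg.read("[Content_Types].xml"))
        macro_parts = {o.get("PartName").lstrip("/")
                       for o in types.iter(CTYPES + "Override")
                       if o.get("ContentType") == MACROSHEET_TYPE}
        rels = ET.fromstring(pkg.read("xl/_rels/workbook.xml.rels"))
        part_by_rid = {}
        for rel in rels.iter(PKGREL + "Relationship"):
            target = rel.get("Target")
            # Targets are relative to xl/ unless they start with '/'.
            part = target.lstrip("/") if target.startswith("/") else "xl/" + target
            part_by_rid[rel.get("Id")] = part
        workbook = ET.fromstring(pkg.read("xl/workbook.xml"))
        report = []
        for sheet in workbook.iter(MAIN + "sheet"):
            part = part_by_rid.get(sheet.get(DOCREL + "id"))
            if part not in macro_parts:
                continue  # ordinary worksheet, not a macro sheet
            cells = []
            for cell in ET.fromstring(pkg.read(part)).iter(MAIN + "c"):
                formula = cell.findtext(MAIN + "f")
                # Values of shared-string cells are indexes; shown as stored.
                content = "=" + formula if formula else cell.findtext(MAIN + "v")
                if not content:
                    continue
                hits = [w for w in WATCHLIST
                        if re.search(r"\b%s\(" % w, content, re.I)]
                cells.append({"ref": cell.get("r"), "content": content,
                              "watchlist": hits})
            report.append({"name": sheet.get("name"),
                           "state": sheet.get("state", "visible"),
                           "cells": cells})
    return report


def build_constructed_sample():
    """Build a minimal .xlsm-style package in memory (constructed test input)."""
    ns = MAIN.strip("{}")
    parts = {
        "[Content_Types].xml":
            '<Types xmlns="%s">' % CTYPES.strip("{}")
            + '<Override PartName="/xl/macrosheets/sheet1.xml" ContentType="%s"/>'
            % MACROSHEET_TYPE
            + '</Types>',
        "xl/_rels/workbook.xml.rels":
            '<Relationships xmlns="%s">' % PKGREL.strip("{}")
            + '<Relationship Id="rId1" Target="worksheets/sheet1.xml"/>'
            + '<Relationship Id="rId2" Target="macrosheets/sheet1.xml"/>'
            + '</Relationships>',
        "xl/workbook.xml":
            '<workbook xmlns="%s" xmlns:r="%s"><sheets>' % (ns, DOCREL.strip("{}"))
            + '<sheet name="Invoice" sheetId="1" r:id="rId1"/>'
            + '<sheet name="Macro1" sheetId="2" state="hidden" r:id="rId2"/>'
            + '</sheets></workbook>',
        "xl/worksheets/sheet1.xml":
            '<worksheet xmlns="%s"><sheetData/></worksheet>' % ns,
        # Cells placed far from A1, so scrolling the sheet would not show them.
        "xl/macrosheets/sheet1.xml":
            '<xm:macrosheet xmlns="%s" ' % ns
            + 'xmlns:xm="http://schemas.microsoft.com/office/excel/2006/main">'
            + '<sheetData><row r="731"><c r="BX731">'
            + '<f>EXEC("constructed-placeholder")</f></c></row>'
            + '<row r="732"><c r="BX732"><f>HALT()</f></c></row>'
            + '</sheetData></xm:macrosheet>',
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        for name, xml in parts.items():
            pkg.writestr(name, xml)
    return buf.getvalue()
```

Running `macro_sheet_report(build_constructed_sample())` reports the hidden sheet and both populated cells without opening the file in Excel, so nothing in the workbook executes during triage.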
Analysis and protective measures
Based on testing using BitDam’s BAS2.0, these attacks are not being detected by Office ATP, even a full 48 hours after the first time that Office ATP has encountered them.
To assess your organization’s current vulnerability to zLoader and other real-world, real-time malware and phishing attacks, BitDam provides a range of tools to gauge your current risk profile and protect against the latest threats.
When it comes to assessment tools, BitDam offers incredible functionality and coverage with BAS and BAS2.0.
And for comprehensive advanced threat protection against the latest and evolving threats, try BitDam ATP for the Enterprise or SMEs.
Norman McKeown, LSH Auto UK on BitDam Office365 Email, OneDrive and MS Teams
We’ve interviewed Norman McKeown, LSH Auto UK Head of Information Technology about his experience with BitDam’s Advanced Threat Protection (ATP). LSH Auto is the largest Mercedes Benz dealerships in the UK.
Here is the result in video and text:
Q: How did the COVID-19 pandemic present new challenges for LSH Auto? Collaborating digitally was maybe not as big a piece of the puzzle previously?
A: Yeah. COVID-19, I think for a lot of organizations, certainly ours, came out of the blue and came on very quickly. Being an automobile organization, a car company, we are quite old-fashioned in the way we do a lot of things. Digital collaboration, remote working, was not normal practice for our business. When COVID-19 hit we had to figure out how can we keep certain areas of the business trading whilst working remotely? It was a whole new level of collaboration, a whole new level of data protection. A whole new level of information transfer that we had not previously done as an organization or indeed as an industry before. The biggest challenge was how could we quickly convert to that mode of working while still keeping our systems secure, keeping our users secure, and as I say, keeping our customers’ information secure. It was a very, very quick and rapid change of use of technology for us as a group.
Q: As you were evaluating potential solutions, why did LSH Auto ultimately decide to invest in BitDam?
A: BitDam came to my attention as a relatively new organization. But their approach to, initially email security, which was the first area I was looking at, was a very different approach to what I’d seen with some of the other ATP companies that I was dealing with. The big wins for me was their ease of integration. Setting it up couldn’t have been simpler. I didn’t have to change my users where I was working. They carry on working as normal. But also the ability to react whenever new threats came out. The ability to react and ensure that we were protected against those threats was one of the biggest wins for me that meant I didn’t have to think about speaking to my ATP company to say, “This new threat is available, can you help protect us against it?” BitDam were already ahead of the curve and quite often protecting me before I’d even had a chance to talk to them about it.
Q: Now moving on to more of the results that you see now that you’re partnering with BitDam. From a high level, what have the results been? What does BitDam enable for LSH Auto?
A: Since we’ve implemented BitDam, we’ve seen a significant drop in the number of phishing emails and rogue emails that have come into our system, into our users’ inboxes. For me, with a very small IT department to support the group, it’s great having BitDam on board because by the time we’ve received the notification, we know that this batch has already been dealt with and handled and it’s an awareness notification for us. Seeing what has made through our first level of defense and having BitDam as our second level of defense and since expanded from just the email into OneDrive, into Teams, into SmartLink scanning, means that I know my users are secure and that very, very little rogue data gets through us to my users’ inbox. That has made my life a lot easier, of almost not having to think about it from that respect.
Q: What would you say the number one biggest benefit of BitDam has been?
A: I’d say the ease of deployment has to be the biggest win for me as head of IT and for us as an organization. Looking at solutions that would involve changing the way users operate, there’s a human element in that. Where they risk forgetting to use the secure route. Forgetting to click on the secure button. With BitDam, we were able to deploy it centrally from the IT division in a very quick period of time. Our users carry on as they normally do. They don’t have to think about it. They don’t have to think about system security. It just integrates seamlessly with Office 365 platform and scans everything in the background. Definitely for us, one of the biggest wins is we could roll it out with essentially no user training.
Q: How has BitDam, for OneDrive and Teams, helped you to address some of those challenges that you spoke of earlier with collaborating remotely?
A: We’ve originally deployed BitDam against our email client, we’ve since expanded the protection to cover our OneDrive and our Teams portions of Office 365. This was actually done prior to COVID, really causing an issue in the UK. But for us it meant we were in a really strong position to bring the company into a digital world and digital collaboration. It meant we could securely share business information, financial information, customer information. Knowing that we had this level of protection in our system, that should any attack try to come in, we had this level of protection that could stop that from compromising our data and ultimately compromising our customers’ information. It made life an awful lot easier for us moving to the new world of remote working.
Q: Has BitDam ATP caught threats that have been missed by Microsoft Office ATP?
A: One of the reasons why I wanted to look for an additional ATP program was I was seeing a number of threats coming through our Microsoft Office ATP program. Whilst it was picking up a large number, I still had a significant number of threats coming through and reaching the users’ mailboxes. Some of which were easy to spot, some, even for me as a seasoned professional in IT, took quite a bit of analysis to determine, was it a phishing email or was it a genuine one? Once we introduced the BitDam platform as a second line of defense, we then noticed that those that were coming through and bypassing the Microsoft ATP were then being picked up by the BitDam platform and stopping reaching our end users’ mailboxes and our end users’ OneDrives, which really give us that extra added level of security that we were looking for.
Our researchers recently observed a new trend in phishing email campaigns that is worth sharing here. We all know how almost 20% of the phishing emails out there are faking Microsoft login pages, aiming to steal Office 365 credentials. Some of you may even be careful when getting an email that links to a Microsoft login webpage, suspecting it might be a phishing scam. You’re definitely right about this one! But, would you ever suspect a Microsoft login page that uses your corporate logo, branding and URL? This is what hackers started doing recently, to fool both end-users and email security engines.
The New Way of Stealing Office 365 Credentials
Traditionally, phishing attacks that lure users into entering their Microsoft credentials use fake generic O365 login-pages with a Microsoft logo that look like this one:
The new method includes the following elements that, together, make it almost impossible to notice that this is not the real brand’s login page:
1. The targeted organization’s logo. The organization’s logo is injected into the O365 login page. Not only does this help the fake page look more real to users, it also makes detection harder for phishing detection engines that are based on reputation or image analysis. The fake login page would look like this:
2. The targeted organization’s domain URL in the link the user sees (it will later on redirect to the phishing URL). The majority of phishing attacks use an original URL that redirects to the malicious URL. This is done as a basic technique to bypass phishing detection engines as well as suspicious users. In these tailored attacks, the hackers use the organization’s name in an original URL so it contains the domain name of the targeted organization. As you can see in the screenshot, they typically insert the victim’s organization name at the beginning of the URL, so that’s what the users see when they hover over the link or click it. This way, they are less likely to think it is not genuine.
3. The target organization’s branding or look and feel in the background. In case the two techniques that I described above are not convincing enough, some attackers take it to the next level and use a background that fits the victim’s branding. This could be some kind of an image or a branded background that is available online.
4-fold Increase in The Prevalence of Such Attacks
In the past couple of months, we noticed a dramatic increase in the prevalence of these attacks among BitDam customers. In fact, the prevalence of such attacks in August was more than 400% of the prevalence in July. The trend continued in September with an additional slight increase and keeps going on as I write this post. This implies that these campaigns use some kind of automated tools that were published recently.
We detected these tailored Office 365 phishing attacks in organizations of all sizes, including both small businesses of a few dozen users and large corporates. This strengthens our assumption that faking these login pages is automated and that there are new phishing kits that allow using the above techniques easily.
The emails that lure victims into clicking the link that would take them to their Office 365 account vary as well. Many of them include a notification saying that there is a voice message waiting for them, some use the excuse of Office 365 password expiration, some say that you’ve failed to receive a message from tax authorities and so on. If victims take the bait and click the link, they are then redirected to what looks like their organization’s Office 365 login page but is actually a phishing page aiming to steal their credentials.
Phishing scammers’ lives are much easier these days. In the past, bad actors had to work hard in order to build such a customized phishing attack, and these were typically saved for the big fish. Nowadays, all they need is to search online for the newest toolkits and they can spray it all over.
Unfortunately, this makes the lives of both the organizations aiming to protect their employees and assets, and the security vendors that help them do so, much more difficult. In order to protect from such threats, as well as other emerging phishing techniques, organizations need to make sure their email security can protect from any phishing attack and technique, even the ones that are not yet known or commonly used. In these cases, reputation-based security solutions or the ones based on signatures would not help, as these attacks are customised per organization and can’t be updated at the needed pace. Thanks to its unique attack-agnostic approach, BitDam ATP detected these threats at first encounter, when they’ve just emerged and without any changes to its detection mechanism.
While BitDam ATP identified these phishing attacks and blocked them before they reached the users’ mailboxes, the phishing method described in this post is going below the radar of most Advanced Threat Protection solutions, including Microsoft’s Office ATP. I recommend testing your email security against these attacks as well as others to better understand your security posture. You may do this using Breach & Attack Simulation tools such as BitDam Lucky Meter.
Traditional Breach And Attack Simulation Is Outdated – Here’s Why
Just glancing at the headlines, it’s easy to see that phishing, fraud, and ransomware campaigns are on the rise. This has been driven by numerous factors, including the availability of “phishing kits” for purchase on the dark web. Malicious actors are getting more sophisticated and are targeting companies of all sizes and in any industry. So how do you keep your organization safe?
Assessing Strengths and Weaknesses
A great place to start is with understanding your current security posture. Where are your weaknesses? What areas need to be shored up? Finding and evaluating your gaps and vulnerabilities is the first step in keeping your data, users, and network safe. Running tests – including an email security test, malware test, and phishing test – is an important way to gain insights into your vulnerabilities.
Pen Testing to Find Answers
This is where pen testing (penetration testing) is often used. Generally speaking, pen testing comprises a single test that is built from artificial attack samples.
However, this approach has a number of drawbacks. Artificial attacks just do not provide the same assurance or insights as the real thing. Your current architecture might cope just fine with artificial incursions but might fail when it comes to the real thing.
Pen testing is therefore increasingly being replaced by Breach and Attack Simulation (BAS) tools.
Breach and Attack Simulation (BAS)
BAS tools provide an ongoing evaluation of your organization’s security posture. The promise of BAS was enticing: the ability to simulate real attacks that are updated based on attack trends and threat popularity. This has led to a market for BAS tools that is growing rapidly.
As great as BAS is, there remains a difficulty – one that could mean the difference between successfully thwarting a cyber attack, or falling victim to such an attack.
BAS solutions still use artificial attacks, and thus cannot effectively tell you how your security stack will deal with a real-world, live threat. Threats are simulated based on those seen in the wild, but by definition these are still simulated, a reflection of the real attack.
Preparing for the next threat
There is a dangerous time lag from when a new attack is released until it is incorporated into BAS solutions. With malicious actors constantly changing tactics – including automating threats to mutate and evade security solutions – ideally, you would want to test your system against real attacks, those seen in the wild in real-time. Knowing that your organization’s security posture can deal with yesterday’s attacks just doesn’t cut it anymore.
A key challenge is that risk is highest when a threat or a new attack technique is released for the first time, before your security solutions have come to recognize and deal with the threat. By this time, new threats will already be targeting your organization. It’s an issue of speed, and tools that can give you answers in real-time about how you’re dealing with the latest threats are critical.
There’s an acute need for vulnerability assessment tools that use real, live threats – rather than old or simulated ones.
With BAS 2.0, BitDam has launched its new generation of BAS solutions that are the answer organizations have been looking for.
Take BitDam Lucky Meter, or BAS2.0. Lucky Meter uses the freshest in-the-wild malware and phishing threats to continuously test your email defenses, empowering you to assess your organization’s defenses against malware – in real-time. The ability to run an email security test, malware test, or phishing test using real and ongoing attacks is priceless.
BitDam Lucky Meter sends real attacks of all types from the wild, as they materialize. This is done constantly while ensuring the testing is non-intrusive. BitDam Lucky Meter offers a continuously updated dashboard showing which threats bypassed your current security and which were blocked. Critically, it also shows the amount of time your system was exposed to each threat – the Time To Detect or TTD – which is often a more important indicator than the miss rate or rate of detection.
In summary, we’ve moved from Pentesting to BAS, and finally to the real thing: a way to continuously assess your security against the latest attacks seen in the wild, in real-time.
Aiming to decrease the chances of being detected and to gain more time before their phishing scam is exposed and blocked by response organizations, attackers use multiple evasion techniques. And they continue to be creative about it!
Tracking these techniques closely, we see a variety of them. Here are a few evasion techniques that help phishing attacks bypass security solutions:
Mobile only – The link directs to the malicious webpage only if browsing from mobile devices, leveraging the fact that mobile devices are less secure than desktops and that users may pay less attention when browsing from their mobile.
Timers before redirecting – the attack waits a few seconds before redirecting to the malicious link in order to evade security solutions that run for a limited timeframe.
Button automation – the redirection to the malicious page is done only following clicking a button which verifies that the user is a real person. Security solutions don’t click it and therefore don’t “get to see” the malicious page and can’t detect the link as malicious.
Captcha defender – just like the simple button automation, the victim is redirected to the malicious URL only after clicking a captcha or a reCAPTCHA and being identified as a real person. Here again – if the security tool can’t access the malicious page, it definitely can’t detect it as malicious.
These techniques and others reduce security solutions’ effectiveness, making it almost impossible to prevent phishing attacks.
Evade with a click of a captcha
In the past couple of weeks our researchers identified a drastic increase in the number of attacks using a captcha defender to go through security tools. And guess what, these phishing attacks indeed bypassed leading Secure Email Gateway (SEG) solutions and even Advanced Threat Protection products including Office ATP and Proofpoint TAP.
The prevalence of this technique seen among BitDam’s customers grew by hundreds of percent in the past couple of weeks, compared to the previous two weeks. Scanning all attacks from various feeds, we’ve observed the same trend in these feeds as well, driving us to the conclusion that this was added to popular phishing kits.
It starts with what seems like an innocent email. Here is one example of a subject line: “New Sharedfile Received for BRAND”. Opening the email, it looks like the email contains several attachments, and the user is requested to click a button to view them, with the text “BRAND uses Outlook Files to share documents securely”. Clicking it would lead to a captcha page that looks like this:
The next page would be the actual phishing URL. For example:
By now, you are probably wondering how common this technique is and who are the target victims. So…it is more common than you would imagine. We saw it targeting most of our customers which range from small and medium businesses to enterprises with many thousands of users from various industries and locations. This evasion technique was used in phishing attempts in Europe, North America and The Middle East. The attacks were almost always delivered via email.
Perhaps the most interesting thing about the attacks that BitDam prevented among its customer base was that all of them were leading to fake Microsoft login pages. As you can see in these screenshots, they varied in their graphics, but Microsoft remains the number one target with hackers desiring to steal Microsoft user credentials.
What can we do about it?
Assuming you don’t want to be the next victim, I would start by checking if your email security vendor detects such attacks. You can simply register to BitDam Lucky Meter which will send you the most recent phishing (and malware) attacks as soon as they are released to the wild, and provide you with a simple dashboard so you can easily know what bypassed your current email security. BTW – it’s totally free.
Of course, you should never enter your credentials to unknown websites, but that tip is pretty outdated. Everyone knows they shouldn’t click suspicious links but somehow there are more successful phishing scams every day. This means someone does click them, right?
However, if you do come across a URL that you aren’t sure about and would like to scan for phishing before going on, you can always use this online phishing scanner that will give you a verdict in no time, letting you know if the link is a phishing scam.
CISOs Panel Discussion: Securing Remote Collaboration During a Pandemic
Liron Barak, CEO of BitDam interviews three CISOs from across the globe in this unique panel discussion. A common theme between all of our panelists is how to face the ‘new normal’ of remote working with the rise of cyber threats. These security experts dive into their organizations’ plans of attack on how to become quick and effective adaptors to these new security challenges. Read the transcript below!
LB: Good morning and good afternoon! Thank you for joining the panel discussion on securing remote collaboration during the pandemic. My name is Liron Barak. I’m the CEO and Co-founder at BitDam, but I’m the least interesting person here. Today we have three special guests that I’m honored to host.
We have Michael Sherwood the Chief Innovation Officer at the city of Las Vegas joining us from Nevada. We also have Norman McKeown, the Head of IT at LSH Auto UK Limited, the UK’s leading Mercedes Benz retailer with over 143 Mercedes Benz dealerships, worldwide, and last but not least Daniel Baird who is the Group Head of IT of Graham’s Family Dairy, all the way from Scotland.
Welcome guys! Thanks for joining us for this session. We’re planning to have an open conversation today talking about what it’s like to be in charge of IT security when things are crazy, everywhere, but especially when it comes to IT and cybersecurity. Let’s start off with a little bit about the background of each of you and the organization you represent. Daniel why don’t we start with you.
DB: Yes, I’m the Group Head of IT at Graham’s Family Dairy. We’re a family run business, operating since 1939, supplying milk, cream, ice cream and butter, to over 7,000 customers UK wide and internationally. I’ve been in the role here for approximately five years and looking after everything from IT Security through two to one connectivity in ERP solutions. So it’s a busy job. Prior to Graham’s, I was Managing Director of an MSP doing cloud consultancy primarily and Office365 consultancy. I’ve become a bit of the gamekeeper turned poacher.
NM: I’m Norman McKeown, the Head of IT for LSH Auto in the UK. We are one of the largest Mercedes dealer groups locally, I’ve been lucky enough to do this role for about four years, touching pretty much anything a cable touches, from infrastructure, to telephony, to CCTV systems, all falling under my role. It’s been a whirlwind since we launched the company in the UK. Prior to that, I did a short stint at the Siemens Power Generation Services and before that I was over 17 years at PSA. I’ve worked on the manufacturer side of automotive; I’m gatekeeper turned poacher, having now moved onto the retail and dealer side. So it’s been a good four years and plenty more to keep me busy.
MS: I guess I’ll go now. I’m Michael Sherwood, the Chief Innovation Officer for the City of Las Vegas. I don’t think any introduction needs to be done for Las Vegas, we’re an entertainment destination where you come to have fun. I’ve been here for roughly five years, like many of the other individuals on the call I oversee everything from cable infrastructure, CCTV, all basic systems. Anything technology based or that plugs into a wall for the most part falls under our purview. I’m very proud to work here. Very happy to be in this community in the great state of Nevada and it’s an honor to be here with all of you today with such esteemed colleagues. When it comes down to it security and protecting our digital assets is our number one priority. Now as more and more of the city in the community relies on technology, protecting those assets becomes increasingly important.
LB: Thank you guys. Why don’t we start with some tough questions? It will be interesting to hear what were your top information security challenges during the pandemic?
NM: I would say the automotive industry certainly in the UK was one of the more challenging divisions that had to move to remote working at home. It’s not something we traditionally do in the car industry. People come in and they want to walk in, touch the metal and buy the cars. So whilst the majority of our industry is shut down, we kept two facilities open for key workers.
During the lockdown in the UK, our biggest challenge was twofold. It was taking a predominantly paper based business and moving it digitally and electronically while doing that securely and quickly, and also getting users who have never worked from home in their life before to understand the unique differences and challenges. Whilst it may appear that they’re sitting at their desk in the office because of the access we gave to them, there are some unique considerations to take into account and some simple things from, ‘I don’t have the scanner right next to me’, to remembering to ensure that their VPN is running, their security is up, that we’re not constantly there nagging them. That was a big challenge for the most part; we’ve taken a very legacy industry and brought it to the 21st century very rapidly.
DB: Well, I liked the fact that you think that the car industry is a legacy industry and milking cows is pretty old school as well. We are certainly a very paper based culture and that can pose a lot of challenges. I think we’re probably slightly different from a lot of companies that have been affected with the current situation. Our sales have gone up and we’ve had, and financially we’ve had three or four very strong months. That’s a change in people’s behavior and the way we’re doing sales. While we lost about 3,000 customers, as soon as the lock down hit. The demand for milk went from people buying a latte in Costa Coffee to buying a lot of milk for the house, increasing it in what we call doorstep sales. Sort of traditional milkman sales, and another which are higher margins to do business with a supermarket because it’s in bulk. It’s great! Not as much logistics and customer service with the doorstep piece, plus it’s much higher margins.
We had to obviously move as many people home as possible to shut down the offices while keeping them working at 100%. We had some challenges around paper based solutions and certainly things like scanning, as Norman mentioned, people asking to take scanners home, even though the tracking of what people were taking home was a challenge in the first couple of weeks. We were getting phone calls, like, “Is it okay if I take my desk chair home?”.
Then we had a challenge around hardware as being a very traditional business. We had a lot of physical desktops, very few laptops. We were trying to send people home, but we’re unable to source corporate laptops. So we had to do a lot of BYOD type things, getting people up and running on their own systems from home. How can we secure that access? Can we give them access to the company shared drives into VPNs on personal devices and how do we protect that? For me was the biggest security concern to begin with.
MS: It was very much the same, along with the lines of my esteemed colleagues here. It was shifting, roughly 3,000 people from coming into physical offices and moving them to their home locations. Obviously shortages of equipment, laptops and so forth, but going to a complete remote infrastructure. We were really privileged that some of the tools we already had were in place, like Azure and other types of remote connectivity. This really helped and benefited us to get moving. The other issues we still had to maintain staffing levels at our facilities. Having staff and getting them prepared up with PPE or protective equipment and still be able to operate.
The hardest part which we learned through this pandemic is just the user education we need to do. Just basic security education, basic overall computer skills, which we take for granted in our department; we’re the technology department, most of us are familiar with it. Then adopting to workers can’t come down to our office or can’t work with us and can only talk to us over the phone. Trying to explain what cable goes where and how to make these things work. So we came up with some really ingenious ideas, basically took ideas from YouTube and TedTalks and made little videos and then sent those out to employees to help bridge that digital divide. It’s something we’re going to work on going forward. Other than that, the biggest issue was security access to data and how that’s going to move around in this new age of a decentralized work environment.
LB: Did you specifically regarding information security, did your information security toolbox narrow or broaden or change in the past few months? Why did you or didn’t?
MS: For us, we were compromised and we used the word compromised in January, right before COVID. Basically we took a lot of measures, so we were kind of ahead of the curve based on that incident. Obviously, part of that was adding more monitoring tools and a harder look at our infrastructure. We reemphasized focus on how we managed cybersecurity, not just internally, but across the organization… especially passwords. Part of that was implementing a two factor system, which wasn’t popular at the time. With COVID it was a great opportunity to have those types of systems in place. It hasn’t been as hard to get executives to provide investments into cybersecurity based on the compromise that we had in late January. Now with COVID, security’s been on the minds of everybody. Getting tools was not as difficult to implement as it was to getting users to understand them was the greater long term challenge.
NM: We’ve very similar. We lucked out in that we had the same issues as both Michael and Daniel have mentioned in terms of shortage of hardware. I think I found one supplier that could supply me with laptops, but it was on a five week lead time; and when I was shutting the business down in three days that was not good. We were actually in the middle of an infrastructure change when COVID hit the UK; a data center change, VPN service change, network change. We were right in the last six weeks of that before the lockdown. Very much as Michael has mentioned, the biggest challenge we have was around users. We did some videos as well, some video voiceovers and our biggest implementation was bringing forward multifactor authentication. We had a user compromised that we luckily caught within five minutes of the compromise. So there was no risk to the business. There was no leakage of data. We caught it very quickly and shut that account down. The hardest bit was getting the users to read the instructions on how to set it up once they’re up and running. We had a partner who worked with us very well and really understood what we were trying to achieve. That was a big bonus that ensured we were secure during the whole change of moving terabytes of data between data centers in the middle of this pandemic.
It was having a really good partner who understood our business and our organization. Then again, having the backing of the executive coordinator to put in the extra layer of security. Again, as Michael said, there wasn’t a long conversation around the implementation. Often it was “Yep. We need this, let’s get it done. And let’s get it done efficiently.”.
DB: I think we were quite lucky. We already had the bulk of our services in the cloud. We’d already implemented multifactor for a number of years, but we had multifactor only enabled, we only allowed certain people to access services out with our opposites. And then all of a sudden it’s that bulk enrollments of users into MFAs, the infrastructure was all there, but that pain of actually getting the users to follow the instructions was challenging. You also have the personal information piece around that.
We don’t have company mobile phones out without people saying, “You need to put your mobile phone number in here, but I don’t want you to have my mobile phone numbers.”. It’s not for anything other than helping you secure your account. I’m getting that piece, which was quite challenging, but COVID became quite a good stick to beat people with around a lot of IT projects. Things like the migration of documents to SharePoint and user adoption within MS Teams, things like that. These are all technologies we already had, but we weren’t using them anywhere near enough. We used this as an excuse to rapidly do it and that works in our favor, I think.
LB: You all talked about your entire organization working from home and discounts, along with a variety of challenges. It will be interesting for me and for us, to understand if it was the pandemic that caused your organization to use more collaboration tools, such as OneDrive, MS Teams, Zoom and others? And if so, how do you ensure that your enterprise collaboration platforms are actually protected?
DB: I said before, I think we were already using a lot of these technologies and they were already in place, but underutilized and getting the user adoption piece up and running was key for that. We haven’t invested in any new technology and we’re not doing anything that we couldn’t do before. We’re just doing more of it. Having people dialing in from BYOD devices onto legacy shared drives was a security challenge. But if we thought moving these things into OneDrive, they become a bit more secure, especially because that’s being protected by BitDam.
So we’ve got that protection there at the service side, as well as on the client side and that has made me sleep easier at night.
NM: I think we’re in a similar position where we’ve been obviously O365 since we launched in 2016, but I think outside of the IT Department, probably Skype for business was the only there any collaboration tool and that was used by maybe a seventh of the organization. We’d been pushing MS Teams and making the information available saying it’s really useful. There was a little bit, we were just starting to gain traction. Then suddenly we made a business decision where our business is spread between two areas, the Birmingham and Manchester market areas in the UK. Before lockdown, we took a decision to reduce traveling. So one of the first meetings we converted to online, was we’re meeting with our senior management and our general managers who run each facility. We ran it through MS Teams and instead of it being an all day 9 to 6 meeting with traveling too. We had the entire agenda covered by 3pm and people saying, “This is fantastic. Why haven’t we done this before?’. So I think from the IT Department point of view, it’s a feather in our cap. As Daniel has said, we have our OneDrive, email, our MS Teams all protected by BitDam.
With what I’ve seen since I started using BitDam last year, I know if there’s something that does creep in it will be picked up like that. And then we can react if and when we need to so it’s been a real opportunity to showcase what IT departments are not just there to be there if and when things are broken. We can bring real value add in terms of collaboration, but secure collaboration with the business and not having people’s stories and things here, there, and everywhere, which is out of control.
MS: I agree with Norman, it’s basically you got to have the right tools, BitDam’s been our go to tool for all of our Office365 offerings, which is our mainstay for how we do remote work in the city. The other area that we’ve really lacked is the cybersecurity team on our side, getting them educated and trained on how to use the tools and when working remotely where they’re not sitting next to each other, being able to share information and talk about working in a remote environment. It’s almost like what we’re doing at your meeting. It’s a different environment to be able to work through issues and still collaborate with our infrastructure team and with our desktop team. So that’s been a challenge, but overall it’s having solid tools in place, like BitDam that’s really made the difference for us in feeling comfortable with deploying all these remote services.
It’s not a normal thing for us. We’re very used to coming to the building, use our technology in our facilities, other than getting an email on your phone, there was very little getting service access to our internal environment. That just wasn’t the way government worked, but it’s changing. It’s changed in days and weeks rather than years, but having solid tools is really what saves the day.
LB: Thank you guys. We hear a lot about threats that are being sent to organizations today. A lot of organizations that get ransomware or another big data breach because of the pandemic. It would be interesting to hear from you because you have a lot of experience in this field. How do you explain the fact that organizations have so many malware protection solutions in place yet there are still so many successful cyber attacks? It would be interesting if you can share if your organization’s experienced more cyber attacks during the pandemic and if those attacks were sent through a certain channel or through different channels. It would be great to hear from what you experienced during the last few months.
NM: I think our biggest increase of these came through phishing emails. Since March that has gone through the way and certainly for us as an organization I think the cybercriminals have tried to take the opportunity to exploit the fact that we are not working together in the same office. Being that we do a lot of transactions, people buying Mercedes Benz vehicles and they are quite a sizable investment. We’ve certainly seen an uptick in malicious attachments and credential harvesting attacks coming into the business or attempting to come into the business. As you mentioned, there are so many cyber security tools and the way I explain it to the board is it’s a bit like car security. We have to invent new technology for the cars that we sell. Criminals will find a way to exploit that. So we then invent more security and it’s a constant game of cat and mouse.
Every time we close a loophole in cyber security, they inevitably try and find another route in, and because we are in such a connected world now, I go back to the early days of my career when I first put corporate WiFi. Back then I was told it’s not critical if it goes down, fix it when you can. Within two months as soon as it went down, the MD was on the phone, shouting at me wanting it back up and running again. People are so used to it. We’re so used to being able to access things easily. Which is weird, but the side effect is that they’ve given easy access, giving more weight into security. Having a suite of security tools means you’ve got more chance of catching it, then trying another route if you only have your standard spam filtering, email protection. Even with the market leading protections, you need to have a number of those to keep going in line and just try and keep locking them out of your systems.
DB: I think Norman’s absolutely right. I think that the multi tiered approach is critical. In an industry where the Chairman of the company is a farmer it’s challenging to get him to lock his computer and say you can’t just have one password as your password. You must lock your computer and no, you can’t just click on everything.
These are the challenges that we have that goes back to that user piece. As an IT department, we’ve got to protect users as much as possible. Putting in BitDam alongside other tools gives us that multi tiered approach. That’s one of the reasons I liked the way BitDam approached the email security piece is the way it interfaces with Office365 it sits inside the mailboxes. Therefore, we can have perimeter security protection and we can have mailbox security protection. That’s what I really liked about it.
As was for an increase in attacks, our reporting says we have a bit more attacks. We’ve not had a huge amount more through to the mailboxes of users, but certainly the stats are showing that more are being attempted.
MS: Definitely attacks are on the rise. I mean our name Las Vegas, every time we’re in the newspaper or something, attacks rise up. There’s been a lot of press today, some of the casinos are laying off a lot of individuals, so the attack vector or attack surface rises because we’re in the news. To Daniel’s comment, having a layered approach, multiple tools and using BitDam as our main tool, most of our attacks come through email, the old fashioned way through phishing.
Again, I go back to user education, user education, user education! Most of them are very plain to see in the world we live in today. For example, I got this email from the mayor. I look at it and the email address is nowhere near what the mayor’s email address is, but they’re so focused on it looks like it’s from the mayor. They don’t look at the email address and immediately start responding to these individuals. To me the key is education as well, the tools have been fabulous. We haven’t had any issues and the layered approach is working. It’s the education of our users, which is most important. Phishing continues to be the most problemsome issue within our organization.
LB: I agree. It seems like from all of our customers we see a lot of phishing. So what you are all saying is reflected in the data we are collecting as well. This is something we see on a daily basis in our system.
On a different topic. It would be interesting to hear how do you balance security with business and productivity needs? It would be great to hear if you have any tips that you can share with us.
DB: The key thing there is that the productivity has got to be there. And if your security is compromised, you have zero productivity; you’ve got to put these measures in place to protect them, protect the productivity. Absolutely.
NM: I think firstly, the biggest, the challenge I’ve got as I’m sure we all have is users will take the shortest way to get to where they want to get to. I think as Michael mentioned, the previous comments it’s user education. So it’s not just that IT is putting these tools to make your life awkward. We’re actually doing it to make your life easier. So as well as understanding how to use them and understanding why we’re doing certain things. Especially, if it’s not something nice and shiny they can instantly see. Most of our security work is hidden in the back end.
One of the things I loved about BitDam was the ease of deployment. I didn’t have to teach my users how to use a new security email system. It sits on my mail system, but it’s explained to them.
We’re not just doing this because it’s a new, shiny new tool that we want to play, we’re doing it for raising to protect the business to ultimately make your life easier.
LB: Let’s move on to our last question for this session. It’s known to us like everyone is talking about remote work becoming the new normal, even after the coronavirus will be gone. It would be great to hear what will be the influence of this period on organizations cyber security, in your opinion.
MS: It is the new normal, I don’t think I’m going back to the way, even for government, who are generally slow adopters of anything new and shiny. It’s definitely a trend that’s not going to stop, which is going to complicate our security posture. It’s definitely going to put more reliance on letting go of certain aspects of our operation, not being able to be fully in control.
Azure was a big leap for us, to give up our email servers locally and move all that to the cloud; OneDrive was even a bigger leap, MS Teams. That being said, that’s what really makes us very proud customers of BitDam is that it is an evolving platform. As our ecosystem evolves and changes the BitDam system evolves and changes with our organization and kind of interweaves with the technology solutions we are going with. As the world moves towards going more mobile and remote, we have to be flexible to provide the services to all of our customers in any condition and be able to gain access to all the tools and resources, just like if they were in the physical building itself. So it will be very challenging, but with great partners, we know that we will be able to meet that challenge head on.
DB: We’re going to be taking security in a different light. I think security and home working, having more mobile users and people being outside that corporate firewall learning the different ways of securing access is going to be key. I’m currently trialing physical keys for laptops as well, and for cloud access. I’ve always been one to focus on identity. I think all security things should be identity. The more you consolidate that identity piece and protect them as a fortress with MFA, with physical keys, these are the things that we’ll need to be looking at more and more.
NM: I think it’s the new normal it gets for the IT department, it’s a double edged sword. It’s been a real opportunity for us to showcase what we can bring to the organization. As both Michael and David have said, it adds an extra layer of complication. I think my industry proves we can do things more digitally. One of the surprises for me was the number of vehicles we sold completely online in lockdown. From start to finish and we’ve got to protect those customers. One of the reasons why I liked the BitDam platform is that not only helps protect my users and my organization, I know it’s helping me protect our customers as well, which helps them protect our brand and our brand image. But it is constantly treading the catwalk between ease of use and accessibility, keeping it secure and keeping all the business data secure.
LB: It sounds like there are also some good surprises in this period of time. Thank you guys very much for joining us to discuss for this session today. It was super helpful and then I wish all of us, uh, you know, a better, healthy period of time!
BitDam has just announced the launch of its advanced online URL scanner that detects phishing and malicious links. With phishing attacks constantly increasing in both sophistication and frequency – and with COVID-19 accelerating these attacks – this innovative tool could not come at a better time.
The tool demonstrates BitDam’s advanced phishing detection capabilities and provides the cybersecurity community with the ability to scan suspicious links even when they’re still very new – and when reputation and threat-intelligence solutions still cannot identify them.
The phishing detection tool is built for SOC and threat hunting professionals, security analysts, and MSSPs who want to be at the forefront of phishing detection technologies.
Why Phishing Protection Is So Important Now
Phishing is the No. 1 cybersecurity threat facing organizations today. A combination of factors has made this problem more urgent than ever:
Phishing is now more sophisticated
Due to the increase in the severity and consequences of phishing attacks, employees are more aware of the dangers that phishing emails pose. Attackers, therefore, have become more sophisticated, employing machine learning and automation to rapidly create and distribute convincing phishing messages.
Attackers have developed new techniques
With attackers constantly developing new techniques – including using automation to bypass existing security tools – traditional security solutions, including reputation-based products, just can’t keep up.
Attacks are targeted – and missed by traditional solutions
More attackers are ditching the “spray-and-pray” type of phishing attack for more targeted phishing campaigns. These are aimed at individuals within an organization and can be hyper-personalized, ensuring they’re not identified by reputation-based detection solutions including many O365 phishing security and Gmail phishing security solutions.
Phishing attacks are on the increase
Phishing attacks have increased because they’re relatively cheap and simple to set up. With little effort or fear of consequence on the attacker’s side, they can easily access sensitive data like company login credentials. With COVID-19 increasing the number of people working remotely, as well as stress levels, attackers have been taking advantage of this situation.
Liron Barak, CEO of BitDam observes, “We are seeing a real increase in phishing campaigns in the past year. In fact, phishing has become the top cybersecurity threat, more than ransomware or any other malware. That’s because phishing attacks are much simpler to execute, and recently are more difficult to identify.”
The launch of BitDam’s phishing detection scanner could not come at a better time. Barak notes, “In addition to including our unique phishing detection capabilities in BitDam’s Advanced Threat Protection solution, we are now launching this online scanner for use by cybersecurity professionals.”
A Unique Phishing Detection Tool
Most other phishing protection solutions are based on reputation and threat intelligence. This approach is inadequate in the face of automated attacks and previously unseen first-time threats.
BitDam is independent of previous knowledge and data. It uses multiple sophisticated computer vision and AI algorithms to assess: is this a phishing link?
It can, therefore, detect phishing threats at first encounter, unlike reputation and threat intelligence-based products that have to wait to collect enough data before classifying something as phishing.
BitDam offers phishing detection and prevention as part of its comprehensive Advanced Threat Protection solution for business collaboration platforms which includes protection for email, cloud drives, and Instant Messaging – covering threats of any type hidden in files and links.
BitDam Launches Its DIY Guide To Assess Email Vulnerability
Understanding your vulnerabilities when it comes to email security is critical in order to ensure that you’re protected against ransomware, phishing, and other email-borne threats. These threats are getting more sophisticated, and many are able to evade mainstream email security products. Studies show that 20-40% of the emerging threats bypass the leading email security solutions.
Testing your email security may sound like a long and complicated task that involves engagement with pentesting professionals and deployment of attack simulation tools. But it doesn’t have to be this way. BitDam now presents its DIY Guide: How to Assess Your Email Vulnerability for Free in 20 Minutes which allows anyone to test their email security and get an accurate view of what threats their current security tools block and what they miss.
This guide showcases free tools only – each focused on a slightly different goal – and uses a step-by-step approach, guiding you in how to assess your email security posture. You can also watch the video to learn how to implement these free tools.
Why It’s Needed
Some of those responsible for email security might think that with their “mainstream” email security solution in place, they’re protected. Unfortunately, the facts show that this is a dangerously incorrect assumption. Specifically, when it comes to threats encountered for the first time – “Unknown Threats at First Encounter” – these solutions struggle to keep up.
For example, Proofpoint’s “TAP” advanced email protection misses about 23% of new attacks emerging every day, Microsoft Office 365 Advanced Threat Protection (ATP) misses 25% of new attacks including recent phishing campaigns, and G Suite Enterprise misses almost 36% of threats. In fact, 45% of emerging threats bypass at least one of the leading email security products.
So how does your organization’s email security fare when it comes to these threats?
Free Tools To Assess Email Vulnerability
BitDam offers three free tools for evaluating your email security: Lucky Meter, Breach & Attack Simulation (BAS), and BitDam’s Malware Feed.
Lucky Meter is a highly accurate way to assess email vulnerability, using continuous, real-world attacks in real-time to give an accurate, up-to-date, and detailed picture of your risk level.
Breach and Attack Simulation (BAS)
BitDam BAS offers a quick one-time assessment of your email security posture. It makes use of simulated attacks that are based on real-world attacks the BitDam team has observed in the wild.
Mainly used for deeper investigation, the Malware Feed includes live information on real-world malware attacks.
Each of these tools is incredibly easy and quick to get started with and is offered by BitDam completely free.
More About The Guide
The DIY Guide presents each solution in more detail, highlighting each one’s typical use case and main advantages. Each tool has its introductory section explaining what it’s ideal for, its quick steps for getting started for those more proficient with these types of tools, and more in-depth step-by-step instructions including images and screenshots.
By following the Guide, you’ll be able to select any or all of the free services offered, use them to assess any vulnerabilities within your email security posture, and generate detailed, valuable reports that can help you make the right decisions for the security of your organization. And the best part about it – you’ll have to invest only about 20 minutes.
Your Guide to Continued Email Security
Using these free tools provided by BitDam, any organization can simply, quickly and easily check the current state of their email security posture – the first step in upgrading your email security to meet the latest threats.
BitDam’s mission is to secure enterprise communications across all collaboration tools. We protect organizations from advanced threats hidden in files and links regardless of the threat type and delivery method.