New Research Reveals that One Quarter of Phishing Emails Bypass Office 365 Security

New Research Reveals that One Quarter of Phishing Emails Bypass Office 365 Security

Analysis of over 55.5 Million Emails by Enterprise Cloud-Native Security Firm Avanan Provides a Stark Picture of Threat Landscape

Avanan, an enterprise cloud-native security firm, released its “Global Phish Report,” the product of extensive research at the SecureWorld Conference. The report analyzed 55.5 million emails sent to organizations using Microsoft Office 365 and Google G Suite. The study reveals that 25% of phishing emails bypass Office 365 security, using malicious links and attachments as the main vectors. Other concerning findings include that 33% of emails containing a link to a site hosted on WordPress and 98% of emails containing a crypto wallet address are phishing attacks.

These numbers are likely to increase as hackers design new obfuscation methods that take advantage of zero-day vulnerabilities on platforms such as Office 365 and G Suite.

“Cloud-based email, despite all of its benefits, has unfortunately launched a new era of phishing attacks,” said Yoav Nathaniel, lead security analyst at Avanan. “The nature of the cloud provides more vectors for hackers and gives them broader access to critical data when a phishing attack is successful. Organizations are in desperate need for more information on phishing attacks and how to combat these attacks. We conducted this research to help inform organizations and shed light on how to keep sophisticated attacks out of their environment.”

Marketing Technology News: D4t4 Launch Major New Upgrade to Its Celebrus Platform Which Can Deliver Instant Data in Real Time

Over the past decade, phishing attacks have become the most widespread digital threat to organizations around the globe. For most organizations, phishing is the number one email security threat, outranking both malware and ransomware. These attacks are becoming increasingly sophisticated and difficult to detect, even with the aid of artificial intelligence to support the effort. Employees are bombarded with spear phishing, extortion, credential harvesting and malware attacks. The cloud email platforms by themselves cannot reliably block emails containing malicious language, links or attachments.

Other Key Findings

  1. Over 30% of phishing emails sent to organizations using Office 365 Exchange Online Protection were delivered to the inbox.
  2. Over 50% of all phishing emails contain malware, credential harvesting accounts for 40.9% and spear phishing and extortion make up the remaining 8.4% (0.04% and 8%, respectfully).
  3. One out of every 25 branded emails sent to organizations were found to be phishing emails, with Microsoft being the most impersonated brand throughout the year, except for the holiday season, during which it is Amazon.

Marketing Technology News: Explore How a Connected Future will Transform Marketing at the 20th Anniversary Marketing Impact 2025: A Frost & Sullivan Executive MindXchange

A full copy of the Avanan Global Phish Report, including recommendations based on the findings, is available online.

The announcement came at SecureWorld Philadelphia, a conference dedicated to helping security practitioners aid their firms to improve not only their individual security posture, but also to make the overall security environment better and easier to manage.

Marketing Technology News: Magyar Telekom Marches Forward with MediaKind’s Cloud-Based Streaming TV

Previous ArticleNext Article

Leave a Reply

Your email address will not be published. Required fields are marked *