Microsoft updates Office 365 to stop spear phishing attacks
Microsoft has released a new feature for Office 365 “URL detonation”, which attempts to neutralize one of hackers’ favorite tactics to infiltrate corporate networks, according to ZDNet. We refer to spear phishing , e-mail scams whose sole purpose is to gain unauthorized access to sensitive data. Something like that could have been responsible for the attack on the National Democratic Committee.
It may not be a very sophisticated method, but the hack of DNC servers proved to work. The Dukes, considered the authors of the attack, sent bit.ly links that were used to gain access credentials from different personalities of the American political party. Similar groups send links that point to a malicious file that, once it is run, downloads a remote access tool or RAT.
Microsoft’s new phishing mitigation service targets malicious files, PDF files or web pages that would reach the linked user via an email. This feature reached some users last year as part of Office 365’s advanced protection system or ATP, and is now available to everyone.
Now, ATP will run a reputation check and scan the URLs in the mails for malicious behavior. When scanning an address, users will see a window with a yellow background informing the user that the link is being checked. If it proves that the link is fraudulent, the user will see a window with red background informing that it is a malicious web.
System administrators can set SafeLink policies to control which of their users clicked on the link, allowing them to respond if that user ignores the warning. In addition, Microsoft has announced a public preview of ATP Dynamic Delivery with more secure attachments, which is designed to minimize interruptions while the feature scans attachment to an email.
Receivers can read the mail while the attachment is checked. If Microsoft estimates that it is malicious, it will not be open. It will only reinsert in the message those that it considers safe. This feature, on the other hand, was already available as part of a private preview last year.