"Hackers Have It Out for Microsoft Email Defenses"

According to researchers, attackers are increasingly focused on crafting attacks that are specialized to circumvent Microsoft's default security, thus requiring a shift in defense posture for organizations in the future. A new report from Avanan, which highlights an increase in its customer telemetry of malicious emails landing in Microsoft-protected email boxes, many hackers consider email and Microsoft 365 to be their initial points of compromise, so they will test and verify that they are able to bypass Microsoft's default security. This does not imply that Microsoft's security has deteriorated. It means that hackers are continuing to improve, become faster, and learn new ways to obfuscate and evade default security. Based on the analysis of 3 million corporate emails in the past year, Avanan discovered that about 19 percent of phishing emails bypassed Microsoft Exchange Online Protection (EOP) and Defender. Defender's missed phishing rates among Avanan customers have increased by 74 percent since 2020. Defender sends only 7 percent of phishing messages received by Avanan customers to the Junk folder on average. Microsoft detected and blocked 93 percent of Business Email Compromise (BEC) attempts. Microsoft detects 90 percent of emails containing malware-laden attachments. These findings reflect the evolution of phishing and the fact that attackers are increasingly employing tactics such as leveraging legitimate services. This article continues to discuss key findings and recommendations shared in Avanan's report on corporate email security.

Dark Reading reports "Hackers Have It Out for Microsoft Email Defenses"