Cyberattackers have increasingly been creating attacks that can bypass Microsoft’s default security. Going forward, organizations will need to be ready to fight these kinds of unexpected threats.
Though not entirely accurate, an increased level of malicious emails leads some hackers to believe that Microsoft has a weakness. Hacking methods have become more advanced, and hackers have learned new ways of bypassing Microsoft’s default security. This does not mean that Microsoft’s security got worse; it just means that hacking techniques have changed.
The report, gleaned from analyzing three million corporate emails in the past year, revealed some eye-catching numbers:
Phishing emails that bypass Microsoft Exchange Online Protection (EOP) and Defender undetected account for 19% of all phishing emails observed by Avanan.
Since 2020, Defender’s missed phishing rates among Avanan’s customers have increased by 74%.
Defender detects and blocks on average 7% of phishing emails as they are sent to Avanan’s customers.
Microsoft’s phishing protection rate is on the rise. 93% of business email compromise attempts have been prevented by the company.
Microsoft catches 90% of emails with malware-laden attachments.
The numbers seem to indicate that phishing tactics are changing and attackers are avoiding including obviously malicious links in emails, instead utilizing masking techniques like vanity URLs. Plus, attackers have stopped attaching malicious files altogether.
The best way to defend yourself against these kinds of attacks is through defense-in-depth with four main prongs. These include things like a content filter and a WAF.