Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

One of the most challenging elements of cybersecurity is knowing what’s to come. While none of us have an IT crystal ball (unfortunately), we can make educated guesses based on the evidence around us. One thing that is for sure, though, is that cybercriminals are more of a threat than ever. According to the FBI’s Internet Crime Report from last year, a record 847,376 cybercrime complaints were reported by the public in 2021 – a 7% rise from the previous year.

In the last phishing blog we discussed how modern phishing works on the frontend. Read on to find out how threat actors can easily find and authenticate a suitable domain by modifying both Gophish and Evilginx to evade security controls In the last phishing blog we discussed how modern phishing works on the frontend. Here we go behind the scenes to dissect how to configure and authenticate a good domain for your phishing campaign using Apache as Reverse Proxy. Excited? You caught the hook, read on!

From the outside, it might appear as if Trustwave MailMarshal is a stand-alone solution that on its own is able to effectively defend email systems from a wide variety of phishing, malware, and business email compromise (BEC) attacks. The truth is MailMarshal is backed not only by one of the best trained, most experienced cybersecurity research teams in the industry but also by a technology stack that has been decades in the making.

Social engineering is the art of manipulating people, so that they give up confidential information or perform an action you ask them to do. Read and learn first hand how modern phishing works to trick victims into giving up their credentials, bank information or computer access to secretly install malicious software. Adversaries use social engineering tactics because it is often easier and quicker to exploit human nature than to hack their way in.

Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences. The attackers used AiTM (Attacker-in-The-Middle) reverse-proxy sites to pose as Office 365 login pages which requested MFA codes, and then use them to log into the genuine site.

Microsoft 365 has cemented itself as a leader amongst cloud email providers by offering a solid foundation of protection from advanced attacks. However, it's becoming increasingly apparent that Microsoft 365's defenses alone are often not enough to ensure the security of sensitive data. Cybersecurity experts' views on email risk within Microsoft 365 is our most recent report identifying the security risks that Microsoft 365 users face.

For many organizations, the rise of remote working brought on by the COVID-19 pandemic has significantly increased email communication. Our 2020 Outbound Email Security Report revealed that 94% of organizations experienced increased outbound email traffic due to remote working during the pandemic. This increase in outbound email traffic also increased outbound security risk. The report revealed that 93% of organizations suffered an outbound data breach in the same 12 months.

In our most recent report, Cybersecurity experts' views on email risk within Microsoft 365, we identify security risks that Microsoft 365 users face. We spoke with three experts to gain insights into some of Microsoft 365's key email security strengths and weaknesses. This article features some key quotes from the report from Lisa Forte, Co-founder, Red Goat Cyber Security LLP; Robin Bell, CISO, Egress Software Technologies; and Jack Chapman, VP of Threat Intelligence, Egress Software Technologies.