Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Arctic Wolf has recently observed a widespread phishing campaign targeting multiple organizations by abusing Microsoft 365’s Direct Send feature—a feature designed for internal email delivery without requiring authentication. Threat actors can identify valid domains and recipients, then send spoofed emails that appear to originate from internal domains—often impersonating the user themself—without needing credentials or access to the tenant.

Email threats aren’t slowing down. From credential phishing to malware-laced attachments, email remains one of the most exploited entry points for attackers. If you’re already using Mimecast to help mitigate that risk, you’re ahead of the curve — but raw log data only gets you so far. Starting with Graylog 6.2.3, you can pull logs directly from Mimecast using API v2.0 and view them immediately with built-in Illuminate Dashboards.

Getting through secure email gateways (SEGs) is simply the cost of doing business for a cybercriminal. Literally, detection at the perimeter by a SEG is the same as falling at the first hurdle. SEGs have been adopted broadly, especially in larger organizations (although this picture has started to change in recent years - more on that below). Even where organizations don’t use a SEG, many native controls in email platforms (like Microsoft Exchange) operate using the same principles.

Phishing is no longer just an email problem. Reports state that 40% of phishing campaigns now span channels beyond email, hitting collaboration tools like Slack and Teams, plus SMS, and social media platforms. Voice phishing (“vishing”) in particular is on the rise: 30% of surveyed organizations reported at least one instance of attackers using spoofed or AI-cloned calls to steal credentials in the past year.

Text messages used to be a safe space—quick birthday wishes, delivery updates, maybe the odd emoji from a friend. But in today’s digital world, not every ping on your phone is innocent. Some are traps, carefully crafted to trick, scare, or confuse. One of the sneakiest tricks out there? Smishing. Yep, it’s a mashup of “SMS” and “phishing.” If phishing is the scam that hides behind a shady email, smishing is its text-based cousin.

Phishing remains the number one method attackers use to gain initial access to organizations. That makes your workforce the front line of defense and your ability to identify, neutralize, and respond to phishing attempts is more critical than ever. Trustwave’s Managed Phishing for Microsoft is a service designed specifically for organizations leveraging Microsoft Office 365 and Defender for Office (E5 or equivalent).

Researchers at Netcraft warn that AI-generated search engine summaries are suggesting phishing sites when users ask them to find legitimate login pages. The researchers tested popular AI models, asking them for the login pages of fifty major brands, and found that the models provided the wrong sites 34% of the time. "In many cases, users see AI-generated content before (or instead of) traditional search results—and often without even needing to log in," the researchers explain.

In the current digital landscape, email security has become ever more important as cybercriminals frequently exploit vulnerabilities in email architectures to launch phishing attacks, steal sensitive information, and spoof legitimate domains. Since 2012, DMARC has become a cornerstone of modern email security, reducing the cyberattacks that occur via phishing and spoofing attacks in the process.