Proofpoint, a leading cybersecurity and compliance company, has announced the availability of Proofpoint Cloud Account Defense (CAD) to detect and proactively protect Microsoft Office 365 accounts, preventing attackers from causing financial and data loss.
Cybercriminals have pioneered a new way to compromise corporate email systems, this time by using brute force attacks to steal Microsoft Office 365 login credentials of corporate users and then logging in as an imposter on the system.
These new hacking techniques work even if the company has deployed single sign on or multi-factor authentication (MFA) as part of their security system. Once the hacker has logged in masquerading as a real employee, they have a wide spectrum of choices while operating within a corporation’s email instance to cause financial harm and data loss.
Available today, the new Proofpoint CAD solution helps organisations detect, investigate and remediate these Microsoft Office 365 compromises.
CAD provides comprehensive user-centric visibility necessary to detect and investigate compromised accounts and thwart email account compromise (EAC) credential theft tactics including credential reuse, brute force attacks, and credential-stealing malware. EAC tactics, combined with business email compromise (BEC) social engineering, are hallmarks of groups like the 70+ cybercriminals arrested during the recent Operation Wire Wire federal effort that recovered approximately US$14 million in lost funds.
Ryan Kalember, Senior Vice President of Cybersecurity Strategy for Proofpoint, said: “It only takes one compromised Microsoft Office 365 account to unlock access to a virtual goldmine of confidential data and access – and we have seen a major increase in organisations losing both money and data to these attacks.
“Once an attacker compromises a trusted account, they can read a user’s email, look at their calendar and launch internal phishing emails attempts from a trusted account. We’ve even seen these attackers go after targets with multifactor authentication by exploiting interfaces that do not support strong authentication in most deployments, such as Exchange Web Services and ActiveSync. Fortunately, CAD can detect these attacks by utilising our extensive intelligence, stopping them before they can cause damage.”
Operating across the entire Microsoft Office 365 applications suite including email, SharePoint Online and OneDrive, the new CAD solution protects users, data, and financial assets on any network or device. CAD empowers organisations to take a proactive approach when addressing risks associated with Office 365 that often evade other security detection methods. This is especially critical due to Microsoft Office 365’s wide array of integrated third-party applications. With CAD, security teams can:
- Detect compromised accounts: CAD studies the attacker’s footprint by combining contextual data like user location, device and login time, with Proofpoint’s rich threat intelligence to establish safe baseline behaviours, detect compromised accounts and flag suspicious behaviour
- Investigate incidents with granular forensics: Organisations can investigate past activity and alerts through CAD’s intuitive dashboard using granular transaction forensic data such as user, date, time, IP, device, browser, location, threat, threat score and more
- Defend Office 365 accounts with flexible policies: With insights from CAD’s detailed forensics, users can prioritise alerts based on severity to prevent alert fatigue while building flexible policies based on multiple parameters such as user, location, network, device and suspicious activity
- Deploy quickly in the cloud: Proofpoint’s cloud architecture and integration with Microsoft Office 365 APIs enable organisations to quickly deploy and derive value from CAD
CAD builds upon Proofpoint’s extensive cloud-enabled portfolio of solutions that allow organisations to deploy and use cloud applications with confidence.