NEW YORK, Dec. 14, 2016 -- Avanan cloud security experts have discovered a new twist on a well-known cyberattack exploiting users’ increased online shopping activity around the holiday season. Unlike the recent spate of highly publicized attacks targeting users’ credit card numbers with fake messages about a problem with online orders, this new attack goes after something potentially even more valuable: users’ Office 365 passwords.
With that password, an attacker has full access to the victim’s Office 365 account: the ability to embed malware, launch further phishing attacks on the victim’s contacts, steal sensitive company information, reroute invoice remittance details, download customer data such as social security numbers, and much more.
The phishing attack starts with an email that appears to come from FedEx, informing the user that an important package is waiting. The email contains a link whose visible text reads http://www.fedex.com/us/track. The href actually behind that text starts with http://fedex-international.com but continues with “.xn--sicherheit-schlsseldienst-twc.de/track”, so the host the browser really connects to is fedex-international.com.xn--sicherheit-schlsseldienst-twc.de: the FedEx-looking part is only a subdomain label, and the registrable domain is an unrelated German .de domain. The “xn--” prefix marks an internationalized domain label encoded with Punycode (RFC 3492); decoded, that label reads “sicherheit-schlüsseldienst”. According to Avanan, the encoded form was enough for Office 365’s link scanning to treat the URL as benign rather than as a lookalike of fedex.com.
The link leads to a fake Office 365 login page asking the user to enter his or her Office 365 credentials. Users still trying to find out about their package are likely to type in their password at this point, assuming they were inadvertently logged out of Office 365 and need to sign in again to continue tracking the package. In reality they are handing the keys to their workplace environment to the attackers.
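The following Python is an added illustration, not code from Avanan or from the blog post linked below. It triages the lure link described above the way a mail filter should: it decodes the xn-- label with the standard library’s Punycode codec, compares the registrable domain of the visible link text with that of the real href, and notes that the brand name survives only as a subdomain label. The display text and href are the ones quoted above; the two-label rule for the registrable domain is a simplification assumed for the example, since a production filter would consult the Public Suffix List.

```python
"""Link triage for the Punycode lure described above.

Added example, not Avanan's or Microsoft's code. It performs the two
checks a mail filter needs for this lure: the visible link text and the
real href point at different registrable domains, and the href host
carries an xn-- (Punycode, RFC 3492) label that hides a non-ASCII name.
"""
from dataclasses import dataclass, field
from typing import List
from urllib.parse import urlsplit

ACE_PREFIX = "xn--"  # IDNA "ASCII Compatible Encoding" marker on a label


def decode_label(label: str) -> str:
    """Decode one hostname label; labels without xn-- are returned unchanged."""
    if label.lower().startswith(ACE_PREFIX):
        return label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
    return label


def decode_host(host: str) -> str:
    """Unicode form of a hostname, decoded label by label."""
    return ".".join(decode_label(label) for label in host.split("."))


def registrable_domain(host: str) -> str:
    """Simplification assumed for this example: the last two labels.

    A real filter should use the Public Suffix List so that hosts under
    multi-label suffixes such as co.uk are cut at the right place.
    """
    return ".".join(host.lower().split(".")[-2:])


def host_of(text: str) -> str:
    """Lowercased hostname of a URL or of bare URL-looking link text."""
    if "://" not in text:
        text = "http://" + text
    return urlsplit(text).hostname or ""


@dataclass
class LinkVerdict:
    display_host: str
    actual_host: str
    decoded_host: str
    findings: List[str] = field(default_factory=list)


def triage_link(display_text: str, href: str) -> LinkVerdict:
    """Compare what the user sees with where the link really goes."""
    display_host = host_of(display_text)
    actual_host = host_of(href)
    verdict = LinkVerdict(display_host, actual_host, decode_host(actual_host))

    # 1. Any Punycode label at all: the scanner must decode before judging.
    if any(lbl.startswith(ACE_PREFIX) for lbl in actual_host.split(".")):
        verdict.findings.append("punycode-label")

    # 2. Visible text and real destination disagree on the owning domain.
    shown = registrable_domain(display_host)
    real = registrable_domain(verdict.decoded_host)
    if display_host and shown != real:
        verdict.findings.append("display-href-domain-mismatch")

    # 3. The brand from the visible text survives only as a subdomain label
    #    of the real domain (fedex-international.com.<real domain>).
    brand = shown.split(".")[0]
    leading = verdict.decoded_host.split(".")[:-2]
    if brand and shown != real and any(brand in lbl for lbl in leading):
        verdict.findings.append("brand-in-subdomain")

    return verdict


if __name__ == "__main__":
    # Sample input constructed from the two URLs quoted in the press release.
    v = triage_link(
        "http://www.fedex.com/us/track",
        "http://fedex-international.com.xn--sicherheit-schlsseldienst-twc.de/track",
    )
    print(v.decoded_host)  # fedex-international.com.sicherheit-schlüsseldienst.de
    print(v.findings)      # ['punycode-label', 'display-href-domain-mismatch', 'brand-in-subdomain']
```

The first finding is the one that matters for the scanner: a filter that compares the raw ASCII href against a blocklist or a brand list never sees “schlüsseldienst”, and never sees that fedex.com is absent from the registrable domain. Decoding before reputation lookup, and comparing display text with href, are cheap and catch this whole class of lure.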
“The email scanners and threat protection provided by Microsoft are not stopping the latest phishing emails from getting into our organization,” said Matt Litchfield, vice president of Information Technology at JD Norman Industries. “We are experiencing phishing emails that target my users’ Office 365 credentials. These types of attacks represent a very serious security concern for my organization. I no longer believe that Office 365 email scanning offers sufficient protection from phishing attacks by itself; we must layer additional security on top of what Microsoft already provides to ensure a comprehensive email security solution.”
“This is a very significant attack,” said cloud security expert Gil Friedrich, Avanan’s CEO. “With this attack, it’s clear that hackers now realize they can exploit victims’ workplace shopping habits to infiltrate corporate networks, which can be potentially much more valuable than petty credit card theft.”
This attack is the latest aimed at business users of Microsoft Office 365 and Google’s business Gmail, which have become platforms of choice for attackers because they can test the deliverability of their messages against their own low-cost accounts on the same service before sending them to victims. Companies that have migrated to these SaaS mail services without adding further security layers have effectively exposed their users to the growing world of cloud security attacks.
View Avanan’s blog on the attack here: http://www.avanan.com/resources/puny-phishing-office-365.
How to protect against this and future attacks
Office 365 and Gmail have inherently limited ability to block these attacks on their own, since attackers can keep adjusting and re-testing their messages until they pass the built-in filters. No single vendor can provide total protection, which is why Avanan recommends a multi-vendor, defense-in-depth approach. Avanan’s cloud security platform lets businesses apply any combination of more than 60 best-of-breed security tools to Office 365, Gmail and any other SaaS application, all from Avanan’s single pane of glass and all with one click. Because an attacker cannot know which additional layers a given target has deployed, those layers deny the attacker the ability to “test-bench” deliverability in advance, making unprotected users even more attractive and vulnerable by comparison.
Free scan offer
Avanan has offered to provide a free tool to scan Office 365 mailboxes to see how many users in an organization were victims of this attack. To take advantage of this limited-time offer, visit http://www.avanan.com/puny-phishing-office-365.
About Avanan, the Cloud Security Platform (http://www.avanan.com)
Avanan secures any SaaS application, such as Office 365 and Google Mail, or any cloud application with one click, using best-of-breed security technology from industry-leading vendors. Avanan has been named a 2016 Gartner Cool Vendor, a Red Herring Top 100 North American Tech Startup and one of CRN’s 20 Coolest Cloud Security Vendors of 2016.
Media Contact: Deb Montner Montner Tech PR [email protected] 1.203.226.9290

