Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

9/17/2019
11:55 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

New IRONSCALES Research Finds Microsoft ATP Takes Up to 250 Days to Create Phishing Attack Signatures

Office 365 Advanced Threat Protection not keeping up with speed of email phishing threats; Study also concludes that half of all email phishing attacks worldwide now affecting more than 25 organizations.

TEL AVIV & ATLANTA – SEPT 17, 2019 – IRONSCALES, the world’s first automated phishing prevention, detection and response platform, today revealed that Microsoft Office 365 Advanced Threat Protection (ATP), the primary email security filtering service for Office 365 users, can take up to 250 days to create an email phishing attack signature and make it available to enterprise technical staff. Over the course of 3 months, a representative sample size of 1000 malicous emails containing links or attachments found that ATP took between 6 and 250 days from the time an email phishing attack was first reported until the time that a signature was deployed. This delay in signature creation leaves Office 365’s 60 million monthly users at severe risk of malicious email phishing messages impacting business continuity - as it now takes less than 82 seconds for a phishing email to lure a click.

“It’s frustrating to learn that ATP seems to lack the sense of urgency that phishing mitigation requires in today’s email threat landscape,” said Eyal Benishti, IRONSCALES founder & CEO. “As the main cybersecurity safeguard for millions of people, ATP must prioritize phishing attack signatures to limit risk or be more transparent with their users about the need for additional email security to serve as an additional line of defense. When combining this slow response time with the fact that ATP cannot stop the onslaught of fake O365 login pages harvesting users credentials, users must begin to ask tough questions about just how much ATP is actually reducing their risk.”

IRONSCALES’ research also found that attackers are gaining unprecedented leverage over their organizational targets. Currently, for every uniquely identified email phishing attack:

·  50% now affect more than 25 organizations worldwide

·  20% now affect more than 40 organizations worldwide

·  10% now affect more than 55 organizations worldwide

·  5% now affect more than 65 organizations worldwide

·  2% now affect more than 100 organizations worldwide 

Additionally, attackers are now targeting between two and 40 mailboxes per company impacted by an email phishing attack, IRONSCALES research also concluded.

How IRONSCALES mailbox-level security “sees” attacks post SEG/ATP

Unlike other anti-phishing technologies, IRONSCALES is installed post gateway, inside of the mailbox. This mailbox-level view provides unprecedented visibility into the emails that bypass secure email gateways (SEG), including insight into the sender’s true identity and the data and metadata extracted from previously trusted communications. As such, IRONSCALES can identify which attacks bypass which SEGs and how long it takes each SEG to create a new signature for each new threat.

IRONSCALES hybrid human intelligence and machine learning solution gives end users and security professionals the right training, tools, and intelligence – all with one-click resolution from a single platform – to hunt, log, alert, analyze, and remediate phishing attacks.

IRONSCALES takes advantage of threat intelligence and decision-making from our global base of users, giving you an entire virtual analyst community for real-time, human-verified, actionable threat intelligence from the world's top security experts and SOCs. The ongoing level and depth of intelligence will enable organizations and users to get ahead of the game against emerging threats.

For more information, download our eBook: Office 365 ATP is Not Built to Defend Against Modern Real-World Email Threats, visit www.ironscales.com and follow @IRONSCALES.

About IRONSCALES  

IRONSCALES is the leader in anti-email phishing technologies. Using a multi-layered and automated approach starting at the mailbox-level to prevent, detect and respond to today’s sophisticated email phishing attacks, IRONSCALES expedites the time from phishing attack discovery to enterprise-wide remediation, reducing the time from detection to response from hours or days to just seconds or minutes, by significantly reducing the workload on incident responders. Headquartered in Tel Aviv, Israel, IRONSCALES was founded by a team of security researchers, IT and penetration testing experts, as well as specialists in the field of effective interactive training, in response to the phishing epidemic that today costs companies millions of dollars annually. It was incubated at the 8200 EISP, the top program for cybersecurity ventures, founded by alumni of the Israel Defense Forces’ elite Intelligence Technology unit.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/5/2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
Cybersecurity Spending Hits 'Temporary Pause' Amid Pandemic
Kelly Jackson Higgins, Executive Editor at Dark Reading,  6/2/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13864
PUBLISHED: 2020-06-05
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from a stored XSS vulnerability. An author user can create posts that result in a stored XSS by using a crafted payload in custom links.
CVE-2020-13865
PUBLISHED: 2020-06-05
The Elementor Page Builder plugin before 2.9.9 for WordPress suffers from multiple stored XSS vulnerabilities. An author user can create posts that result in stored XSS vulnerabilities, by using a crafted link in the custom URL or by applying custom attributes.
CVE-2020-11696
PUBLISHED: 2020-06-05
In Combodo iTop a menu shortcut name can be exploited with a stored XSS payload. This is fixed in all iTop packages (community, essential, professional) in version 2.7.0 and iTop essential and iTop professional in version 2.6.4.
CVE-2020-11697
PUBLISHED: 2020-06-05
In Combodo iTop, dashboard ids can be exploited with a reflective XSS payload. This is fixed in all iTop packages (community, essential, professional) for version 2.7.0 and in iTop essential and iTop professional packages for version 2.6.4.
CVE-2020-13646
PUBLISHED: 2020-06-05
In the cheetah free wifi 5.1 driver file liebaonat.sys, local users are allowed to cause a denial of service (BSOD) or other unknown impact due to failure to verify the value of a specific IOCTL.