Proofpoint Archives - My TechDecisions
https://mytechdecisions.com/tag/proofpoint/
The end user’s first and last stop for making technology decisions

Research: Microsoft Teams Can Be Used for Malware Delivery
https://mytechdecisions.com/it-infrastructure/research-microsoft-teams-can-be-used-for-malware-delivery/
Thu, 18 May 2023 15:49:29 +0000

It is common knowledge that Azure, PowerShell, Exchange and other Microsoft tools and services are popular targets of threat actors, but Microsoft Teams is emerging as one of the most targeted Microsoft applications for attackers. According to enterprise security firm Proofpoint, Microsoft Teams is now one of the 10 most targeted sign-in applications, with nearly 40% of targeted organizations having at least one unauthorized login attempt trying to gain access.

Proofpoint’s data comes from an analysis of over 450 million malicious sessions detected throughout the second half of 2022 targeting Microsoft 365 cloud tenants. While Microsoft Teams is last on the list, its presence on the list alone signifies how attackers are pivoting to target heavily used applications on which many organizations rely to support hybrid work models.

The company says its researchers have discovered several new ways that attackers are using Microsoft Teams for malicious purposes, including using tabs for phishing users and instant malware downloads, and weaponizing meeting invites and messages via malicious links.

These actions essentially allow threat actors to conduct Microsoft 365 credential attacks, deliver malware and maintain persistence in a victim’s cloud environment.

Malicious tabs

According to Proofpoint, researchers have discovered that using undocumented Microsoft Teams API calls, tabs can be reordered and renamed so the original tab can be swapped with a new custom tab. The company says manipulating tabs “could be part of a potent and largely automated attack vector” following an account compromise.

Attackers could also use a native app, “Website,” to pin a chosen website as a tab at the top of a Teams channel or chat. After pinning a “Website” instance as a tab, attackers can manipulate the tab’s name, change it to an existing tab’s name, and reposition it to push the native tab out of view and increase the chances of a user clicking the fraudulent tab, which could bring users to a malicious site.

“This could be extremely attractive for attackers, seeing as, by design, a website tab’s URL is not displayed to users unless they deliberately visit the tab’s ‘Settings’ menu,” Proofpoint researchers write in a blog post.

The website tab could also be used to point to a file that causes Teams to automatically download the file to the user’s device, potentially inserting malicious droppers inside the victim environment.

Meeting invites

Proofpoint also identifies meeting invites as another tool attackers can use, as the Microsoft Teams platform syncs with a user’s calendar to display, create and edit scheduled meetings. When a Teams meeting is created, several links are generated and sent within the meeting’s description that allow users to join the meeting or download the Teams desktop client.

Hackers typically need access to Outlook or Exchange to manipulate the content of a meeting invite, but access to a user’s Teams account allows them to manipulate the invite using Teams API calls to swap default links with malicious ones that bring users to phishing pages or malware-hosting sites, Proofpoint researchers say.

Hyperlinks in messages

If attackers have access to a user’s Microsoft Teams token, they can also use Teams’ API or user interface to weaponize existing links sent in messages by replacing benign links with malicious ones, which wouldn’t change the presented hyperlink, Proofpoint says.

“Given that Teams API allows for the rapid and automatic enumeration and editing of links included in private or group chat messages, a simple script run by attackers could weaponize countless URLs within seconds,” researchers say.

Afterward, a threat actor can use social engineering and send new messages to encourage unsuspecting users to click or revisit the weaponized link.

Guidance and recommendations

According to Proofpoint, Microsoft offered the following guidance after Proofpoint researchers disclosed their research: “Microsoft encourages users to observe security best practices in Microsoft Teams and to adopt industry-standard best practices for security and data protection including embracing the Zero Trust Security model and adopting robust strategies to manage security updates, antivirus updates, and authentication. More information on Zero Trust Security is available at https://aka.ms/zerotrust.”

Read the company’s blog for more information, including recommendations on how to prevent these attacks.

CISOs Are Less Confident in Their Organization’s Security in 2023
https://mytechdecisions.com/network-security/proofpoint-ciso-2023/
Tue, 16 May 2023 17:15:02 +0000

The pandemic introduced an entirely new way of working that delighted many end users, but IT departments and cybersecurity professionals had their work cut out for them as they were required to deploy, manage and secure technologies designed to support distributed work. That shift to distributed work resulted in new cyberattack vectors that had even the most seasoned security professionals gasping for air, but those feelings subsided in 2022 as organizations adapted and adjusted to the new reality.

However, new data from cybersecurity firm Proofpoint suggests that cybersecurity leaders are again at their wits’ end as 68% of chief information security officers (CISOs) now feel at risk for a material cyberattack, compared to just 48% in 2022.

The Sunnyvale, Calif.-based firm says in its 2023 Voice of the CISO report that this is a shift back to 2021, when 64% of CISOs believed a material cyberattack was imminent.

Similarly, CISOs now feel that their organizations are less prepared for a cyberattack than last year, with Proofpoint’s research showing that 61% feel unprepared for an attack versus 50% who felt the same last year. In 2021, 66% of CISOs said their organizations were unprepared.

The report, the result of a survey of more than 1,600 cybersecurity leaders across 16 countries, essentially concludes that CISOs no longer feel the sense of calm they briefly experienced after the initial onslaught of attacks and distributed infrastructure during the pandemic.

Why are CISOs less confident than they were in 2022?

Proofpoint’s 2023 Voice of the CISO report finds that several factors are contributing to a less-than-ideal confidence among security leaders, including a possible economic downturn, employee turnover, increasing threats and unreasonable job expectations.

According to the study, email fraud, insider threats, cloud account compromise and DDoS attacks were the four most concerning threat categories cited by CISOs this year, and it is largely unchanged from last year.

However, the research also suggests that cyber awareness among employees continues to lack, as 60% of CISOs say human error is their organization’s biggest cyber vulnerability, compared to 56% and 58% who said the same in 2022 and 2021, respectively.

In addition, just 61% of CISOs believe employees understand their role in helping prevent cyberattacks.

CISOs also feel that the loss of sensitive data is exacerbated by employee turnover, with 63% of security leaders reporting having to deal with a material loss of sensitive data in the past 12 months. Of those, 82% agreed that employee turnover contributed to the loss.

Security leaders are clearly feeling more pressured, with 61% reporting they face unreasonable job expectations, a significant increase from 49% who said the same last year. That is leading to 62% saying they are concerned about personal liability and 60% reporting burnout in the past 12 months.

“Back to ‘business as usual’, they are less assured in their organization’s abilities to defend against cyber risk,” says Lucia Milică Stacy, global resident CISO at Proofpoint. “Our 2023 Voice of the CISO report reveals that amidst the rising difficulties of protecting their people and defending data, CISOs are being tested at a personal level with higher expectations, burnout, and uncertainty about personal liability.”

Proofpoint Unveils New Innovations to Combat Increasingly Common Threats
https://mytechdecisions.com/network-security/proofpoint-unveils-new-innovations-to-combat-increasingly-common-threats/
Mon, 24 Apr 2023 17:51:43 +0000

Ahead of the 2023 RSA Conference, Proofpoint, Inc., the Sunnyvale, Calif.-based cybersecurity and compliance company, unveiled a host of innovations across its Aegis Threat Protection, Identity Threat Defense and Sigma Information Protection platforms. The company’s latest solutions empower organizations to stop malicious email attacks, detect and prevent identity-based threats and defend sensitive data from theft, loss and insider threats.

According to the company, the new innovations further enhance its threat and information protection platforms, in addition to its newly formed Identity Threat Defense business (formerly known as Illusive), to help organizations augment and safeguard their productivity investments, such as Microsoft 365, with maximum deployment flexibility.

“Proofpoint continues to deliver on innovations that empower organizations to break the attack chain,” said Ryan Kalember, executive vice president, cyber security strategy, Proofpoint in a statement. “By providing our customers a unified path to solve for risk across email, cloud, identity and data, CISOs gain unparalleled visibility into and protection against the tactics that attackers rely on most.”

Proofpoint’s Aegis Threat Protection Platform

Proofpoint Aegis Threat Protection Platform is an AI/ML-powered threat protection platform that disarms attacks such as business email compromise (BEC), phishing, ransomware and supply chain threats. With flexible deployment options using both APIs and inline architecture, Aegis delivers AI-powered, cloud-based protection that complements native Microsoft 365 defenses, says Proofpoint.

By combining the company’s proprietary behavioral analytics and threat intelligence, Proofpoint is delivering new capabilities that provide visibility into account takeover-based attacks from both within an organization’s environment and outside suppliers.

Supplier Threat Protection

Supplier relationships are a growing attack vector: 69% of organizations experienced a supply chain attack within the past year, and CISOs rate it as one of their top concerns, according to Proofpoint research. With Proofpoint’s Supplier Threat Protection, organizations can detect compromised supplier accounts so that security teams can swiftly investigate and remediate.

This new product proactively monitors for and prioritizes known compromised third-party accounts, simplifies investigation with details on why the account is suspected compromised and which employees recently communicated with the account in question, enabling security teams to seamlessly defend against prevalent third-party attacks such as BEC and phishing.

Targeted Attack Prevention Account Takeover (TAP ATO)

Threat actors successfully override MFA in 30% of all targeted cloud and email account takeover attacks according to Proofpoint threat research. Once inside, malicious actors can hide undetected in an organization’s environment, waging sophisticated attacks at will.

Proofpoint TAP ATO, available at the end of Q2 2023, provides visibility across the entire email account takeover attack chain. It accelerates response investigation and remediates accounts, malicious mailbox rule changes, and manipulations of third-party apps and data exfiltration across email and cloud environments.

Identity Threat Defense (formerly known as Illusive)

From ransomware to APTs, 90% of attacks rely on compromised identities, says Proofpoint. The complexity of managing Active Directory (AD) has resulted in the presence of exploitable privileged identity risks in all organizations at a rate of one in six endpoints.

These identity risks include unmanaged local admins with stale passwords, misconfigured users with unnecessary privileges, cached credentials left exposed on endpoints and much more. When an attacker compromises an endpoint with these privileged identity risks, deploying malicious software and stealing data is easy. Privileged identities represent the keys to the kingdom, which attackers exploit to steal the crown jewels. Unfortunately, most organizations are unaware of this risk – until they are attacked.

Leveraging new advanced identity risk analytics and automated detection, Proofpoint has further bolstered its Identity Threat Defense platform – undefeated in more than 150 red team exercises – to provide organizations with comprehensive identity risk protection and remediation:

Spotlight Risk Analytics

The new advanced risk analytics in the Spotlight dashboard allows users to gain an executive view of an organization’s risk trends as well as exposure across various risk categories and risk exposure levels. It also provides recommendations for possible user admin action.

Spotlight Risk Analytics simplifies decision makers’ workload while ensuring organizational leaders can make informed decisions to remediate modern and sophisticated identity risks. With availability expected late Q2 2023, decision makers will also be able to follow risk trends to track their organization’s risk posture improvements over time.

Proofpoint Spotlight Cross Domain & Trust Visibility

For organizations with complex infrastructure, including multinational, multi-business and merging organizations, identity infrastructure is often stitched together without broader visibility.

Spotlight Cross Domain & Trust Visibility provides insight to understand where AD domains across companies have too much bi-directional trust, which can result in identity risk and lateral movement by attackers. Business leaders can gain a centralized view into the broadest organizational structure’s domains and trusts to better prevent identity risk exposure in a holistic fashion.

Sigma Information Protection Platform

Since its introduction in early 2020, Proofpoint’s information protection business has grown a remarkable 107%, making the company the second largest data loss prevention (DLP) vendor globally and by revenue according to Gartner. Driven by the accelerated adoption of work-from-anywhere practices, the Proofpoint Sigma Information Protection platform is now deployed to over 5,000 customers and 46 million users worldwide, analyzing 45 billion events each month, and trusted by nearly half of the Fortune 100.

Proofpoint’s Information Protection platform merges content inspection, threat telemetry and user behavior across channels in a unified, cloud-native interface.

Privacy by Design Data Loss Prevention

As international organizations work to meet new and changing local privacy and data sovereignty requirements, Proofpoint now hosts its Sigma Information Protection platform in regions such as the European Union, Japan, and Australia in addition to the U.S.

Proofpoint is also further investing in privacy-related capabilities so that organizations can mask sensitive data in the console to limit its exposure and create custom data access policies to address privacy and compliance needs.

Additional features are available in beta, with general availability expected in Q3 2023, enabling organizations to anonymize identifying user information so analysts can investigate without bias and with better privacy for the user.

Administrators will also be able to set up metadata for anonymization and approval workflows for de-anonymizing the metadata during investigation.

Phishing Remains a Favorite Hacking Tool as New Methods Emerge
https://mytechdecisions.com/network-security/phishing-methods/
Fri, 03 Mar 2023 15:47:09 +0000

Phishing, social engineering, and ransomware remain favorite attack methods of cybercriminals, but threat actors are beginning to shift to newer techniques, such as phone-oriented attack delivery and adversary-in-the-middle phishing proxies designed to bypass multifactor authentication, according to cybersecurity firm Proofpoint.

The Sunnyvale, Calif.-based company’s State of the Phish report finds that email-based phishing attacks remain a thorn in the side of IT and security professionals, with 84% of organizations surveyed saying they had at least one successful email-based phishing attack against them in 2022.

Those phishing attacks are impacting the bottom line, with the number of organizations reporting financial losses as a direct result of phishing attacks increasing by 76% compared to 2021.

New phishing attack methods emerge

While phishing, ransomware, brand impersonation and cyber fraud remain major culprits, Proofpoint highlighted a range of emerging threats, including telephone-oriented attack delivery (TOAD) and multifactor authentication bypass such as adversary-in-the-middle (AiTM).

In the report, Proofpoint says those phishing methods “made waves” in the threat landscape.

The company defines a TOAD attack as one in which targets receive a message, typically containing a fake invoice or alert, that includes a phone number for customer service for questions. If the victim calls the number, they are connected directly to the attacker, who then tries to convince the victim to download malware, transfer money or enable remote access.

In addition, threat actors now have a range of methods to bypass MFA, and some phishing-as-a-service providers already include MFA bypass in their off-the-shelf phishing kits, the company says.

“Unknown to most users, these techniques gave cyber attackers a new advantage,” Proofpoint says in its report. “At their peak, TOAD and MFA bypass saw hundreds of thousands of attacks sent per day—ubiquitous enough to threaten most organizations.”

Specifically, attackers made about 400,000 telephone-based phishing attempts on average per day, with attacks peaking at 600,000 per day in August 2022.

While the report didn’t include data on the number of MFA bypass attacks, one recent case involving Uber spells out the danger. The rideshare giant disclosed in September 2022 that it was the target of a cyberattack.

According to Uber, an Uber external contractor’s account was compromised by an attacker, and the contractor’s corporate credentials were likely purchased on the dark web after the contractor’s personal device was infected with malware.

The attacker then tried to log in to the contractor’s Uber account several times, prompting a two-factor login approval request to be sent to the contractor’s device. Two-factor authentication worked in preventing unauthorized access, but the contractor eventually accepted a login approval request, opening the door for the threat actor.

Then, the attacker accessed several other employee accounts that ultimately ended with the attacker gaining elevated permissions to a number of tools, such as G-Suite and Slack. This is how the attacker was able to communicate with Uber employees via Slack. With free rein, the attacker reconfigured Uber’s OpenDNS to display a graphic image to employees on some internal sites, according to the company.

Phishing still works really well

With these more sophisticated phishing methods and advanced social engineering, phishing attacks are still highly successful, according to Proofpoint.

Attackers are smart, and they know how to convince users to click on links and open attachments in emails. This includes impersonating trusted brands such as Microsoft, Amazon, DocuSign, Google and other companies that provide widely-used enterprise tools.

According to Proofpoint, the company observed about 1,600 brand impersonation campaigns, with Microsoft the most abused brand. Over 30 million messages used Microsoft branding or featured a Microsoft product such as Office or OneDrive.

Simulated phishing attack data shows that Microsoft OneDrive-related email attacks had a 7% failure rate, while DocuSign and FedEx impersonations had an 11% failure rate. Since it only takes one user to lead to an organization-wide compromise, those statistics are alarming.

However, an even more successful phishing lure is COVID-19, with pandemic-themed phishing simulations leading to a 17% failure rate. COVID also appeared twice in the company’s list of “trickiest” themes, which is defined as attacks with the highest failure rate regardless of how many times the template was used.

Awareness still lacks

Despite renewed emphasis around end-user training and awareness, end users still struggle to understand basic cybersecurity concepts, regardless of the phishing methods used.

According to Proofpoint’s report, only 40% of users know what ransomware is, although that is a 9% jump from 2019. In addition, just 58% of users said they know what phishing is, which is a 5% increase from 2021 but a decrease of 3% from 2019.

In addition, users still struggle to spot phishing emails, with 21% saying they don’t know that an email can appear to be from someone other than the sender, 44% saying they don’t know that a familiar brand doesn’t mean the email is safe, and 63% saying they don’t know that an email’s link text might not match the website it goes to.

Nearly 30% of users are still reusing passwords for multiple work-related accounts, and 80% of home and work Wi-Fi users didn’t change the default admin password from their routers, which is slightly worse than 2021.

With organizations continuing to embrace remote and hybrid work, that lack of security awareness is alarming. This could lead to substantial risks for organizations and their data, says Alan Lefort, senior vice president and general manager of security awareness training at Proofpoint.

“As email remains the favored attack method for cyber criminals and they branch out to techniques much less familiar to employees, there is clear value in building a culture of security that spans the entire organization,” Lefort says.

Hackers Are Pivoting to OneNote Documents for Malware Delivery
https://mytechdecisions.com/network-security/hackers-are-pivoting-to-onenote-documents-for-malware-delivery/
Mon, 06 Feb 2023 19:18:01 +0000

Threat actors are increasingly using OneNote documents to deliver malware as Microsoft makes it difficult for them to use other Office documents by blocking macros by default.

Now, hackers are experimenting with other file types, including using virtual hard disk, compiled HTML and OneNote, according to new research from enterprise security software company Proofpoint.

The Sunnyvale, Calif.-based firm says in a new blog that its researchers have noticed an increase in the use of OneNote documents to deliver malware via email to end users. Proofpoint researchers say that in December they observed six campaigns using OneNote attachments to deliver AsyncRAT malware. In January, Proofpoint observed more than 50 OneNote campaigns with different malware payloads, including AsyncRAT, Redline, AgentTesla and DOUBLEBACK.

The use of OneNote to deliver malware, Proofpoint writes, is unusual. However, it comes as Microsoft continues to take steps to prevent its tools from being used for malicious purposes, such as blocking Office macros by default. Now, attackers are experimenting with different attachment types. Proofpoint came to a similar conclusion in July 2022, saying attackers were already experimenting with other file types when Microsoft first announced the move.

“The technique may be effective for now,” Proofpoint researchers wrote in the Feb. 1 blog. “At the time of analysis, multiple OneNote malware samples observed by Proofpoint were not detected by numerous anti-virus vendors on VirusTotal. Proofpoint continues to assess these activity clusters and does not attribute them to a tracked threat actor.”

The company says malware campaigns leveraging OneNote share similar characteristics, such as unique messages to deliver malware and the lack of thread hijacking. Messages typically contain OneNote attachments with themes such as invoice, remittance, shipping and seasonal themes including Christmas bonuses.

One group, TA577, a cybercrime group tracked by Proofpoint since 2020 that delivers payloads such as Qbot, IcedID, SystemBC, SmokeLoader, Ursnif and Cobalt Strike, has been conducting similar campaigns using OneNote since late January.

According to Proofpoint, OneNote documents used maliciously contain embedded files, which are often hidden behind a graphic that looks like a button. When a user double clicks on the embedded file, they are prompted with a warning. If the user clicks “continue,” the file executes.

These malicious OneNote attacks have increased significantly between December 2022 and the end of January 2023. While the company only saw OneNote campaigns deliver AsyncRAT in December, researchers saw seven other malware payloads distributed via OneNote attachments last month, with targets located globally, including in North America and Europe.

Multiple threat actors are believed to be using the OneNote attachment tactic in an attempt to bypass threat detections, and more sophisticated actors may begin using OneNote attachments soon, Proofpoint concludes.

TA577’s adoption of OneNote is particularly worrisome, as the group is an initial access broker that facilitates follow-on infections for additional malware, including ransomware, Proofpoint researchers say.

“Based on data in open-source malware repositories, initially observed attachments were not detected as malicious by multiple anti-virus engines, thus it is likely initial campaigns had a high efficacy rate if the email was not blocked,” the company says, noting that its own customers were protected since Proofpoint detected the malicious emails. “It is likely more threat actors will adopt OneNote attachments to deliver malware.”

Proofpoint to Acquire ITDR Company Illusive
https://mytechdecisions.com/network-security/proofpoint-illusive-acquisition/
Tue, 13 Dec 2022 18:35:55 +0000

Proofpoint Inc., the Sunnyvale, Calif.-based cybersecurity and compliance company, has entered into a definitive agreement to acquire Illusive, the Identity Threat Detection and Response (ITDR) company. The acquisition is expected to close by January 2023, subject to customary closing conditions. The cost of the acquisition was not disclosed.

With the acquisition, Proofpoint says it will enhance its threat and information protection platforms by adding proactive identity risk discovery and remediation as well as post-breach defense capability, providing a unified solution that extends protection across the entire attack chain for critical threats like ransomware and data breaches.

The global increase in cyberattacks has been enabled by attackers shifting their tactics and focus to identity-based attacks, with 84% of organizations falling victim to an identity-related breach in the past year. These attacks traverse through identities – from privilege escalation to lateral movement and abuse of Active Directory and cloud environments, such as Microsoft 365. With Illusive, Proofpoint’s visibility into the identities that are attacked and vulnerable across an organization will equip enterprises with insights into their privileged access attack surface, the companies say.

“It’s currently far too easy for an attacker to turn one compromised identity into an organization-wide ransomware incident or data breach,” said Ryan Kalember, executive vice president, cybersecurity strategy, Proofpoint, in a statement. “The acquisition of Illusive reinforces Proofpoint’s commitment to innovation and growth, bringing market-defining technology to make threat actors’ jobs as difficult as possible.”

Illusive’s solutions are used by multinational corporations, protecting some of the world’s best-known brands by taking away what attackers need to complete their crime: privileged account access.

“Illusive is solving a problem that others cannot by focusing on protecting identity security vulnerabilities and stopping the menace of ransomware, which has galvanized worldwide demand for our solution,” said Ofer Israeli, founder and CEO, Illusive. “We are thrilled to join Proofpoint and add our unique approach to ITDR to its people-centric security vision, helping organizations remediate privileged identity risks and understand potential ramifications of compromise, such as access to critical data and intellectual property.”

Together, Proofpoint and Illusive will deliver identity security as part of Proofpoint’s threat protection platform, including:

  • Automatic discovery and remediation of identity vulnerabilities before attackers exploit them with Illusive Spotlight: with its agentless approach, Illusive Spotlight delivers visibility into vulnerable identities by scanning directory structures (e.g., Active Directory), privileged access management (PAM) solutions, endpoints, servers and services, revealing the gaps between the intention of an organization’s identity security policies and the reality of their environment.
  • Detection and response to identity threats to stop privilege escalation and lateral movement to critical assets with Illusive Shadow: unlike other deception technologies that deploy agents or honeypots which can tip off or be exploited by the attacker, Illusive Shadow’s agentless architecture prevents attacker detection and is undefeated in over 150 red team exercises. It allows organizations to deterministically accelerate threat detection by identifying threats based on attacker interaction with deceptions, not probabilistic controls based on signatures or behaviors.

Board Members, CISOs Aren’t on the Same Page https://mytechdecisions.com/network-security/board-members-cisos-arent-on-the-same-page/ Wed, 05 Oct 2022 15:29:24 +0000

Despite a global refocusing on cybersecurity priorities over the last few years, nearly half of board members at organizations across the globe feel unprepared to respond to a targeted cyberattack, and nearly two-thirds say they are at risk within the next 12 months, data which suggests a disconnect between boards of directors and CISOs.

That is according to a new study from cybersecurity company Proofpoint and Cybersecurity at MIT Sloan (CAMS), which surveyed 600 board members at organizations with at least 5,000 employees across 12 countries. The research found that most board members have a pessimistic view of their organization’s ability to defend itself despite 77% of respondents agreeing that cybersecurity is a top priority and 76% saying they discuss the topic at least monthly.

Further, 75% believe their boards clearly understand the systematic risks their organizations face and 76% claim to have made adequate investments in technology, but technology and tooling are only part of the solution and may be relied upon too heavily, the survey suggests.

According to the World Economic Forum, human error leads to 95% of all cybersecurity incidents, but only two-thirds of board members told Proofpoint that human error is their biggest vulnerability. This suggests that board members are out of touch with the basic cybersecurity practices that can prevent most cyberattacks.

The results of this survey of board members contrast with Proofpoint’s 2022 Voice of the CISO report. Sixty-five percent of board members say their organization is at risk of a material attack, but only 48% of CISOs feel the same. That could be the result of a larger disconnect, as 69% of board members say they don’t see eye-to-eye with their chief cybersecurity experts. Meanwhile, just 51% of CISOs say the same about their board members.

Other areas of disconnect were in top perceived threats. Board members ranked email fraud and business email compromise as their top security concern, and although CISOs also ranked that highly, they see insiders as their top threat.

Other disagreements are in the perceived consequences of a cyber incident. Board members feel that internal data becoming public is at the top of that list, followed by reputational damage and revenue loss. However, CISOs say they are more worried about downtime, disruption of operations and impact on business valuations.

Lucia Milică, vice president and global resident CISO at Proofpoint, calls it encouraging that boardrooms are finally taking cybersecurity seriously. However, they still have a long way to go to understand the threat landscape and prepare for material cyberattacks.

“One of the ways boards can boost preparedness is by getting on the same page with their CISOs,” Milică says. “The board-CISO relationship is instrumental in protecting people and data, and each side must strive toward more effective communication and collaborative effort to ensure organizational success.”

Proofpoint Launches Intelligent Compliance Platform https://mytechdecisions.com/compliance/proofpoint-intelligent-compliance-platform/ Fri, 26 Aug 2022 18:12:07 +0000

Proofpoint, the Sunnyvale, Calif., cybersecurity and compliance company, has launched an intelligent compliance platform, offering enterprises regulatory compliance safeguards while simplifying corporate legal protection practices.

The platform leverages Proofpoint’s proprietary machine learning engine to provide business leaders with AI-powered collection, classification, detection, prevention, search, e-discovery, supervision and next-gen predictive analytics while meeting complex compliance and informational governance obligations.

The platform enables intuitive compliance, insider risk, and data management controls to classify or predict risks across a wide array of digital communications channels, files, e-mail and endpoint activities.

Compliance, IT, information management and legal teams will gain greater visibility and access to information across the growing volumes of enterprise data, detecting and preventing corporate and regulatory risks in real time.

“We understand today’s organizations are overwhelmed with growing volumes of data that are incredibly difficult to manage. For Compliance and Legal staff, that means having to manually search and review petabytes of messages or files from regulatory compliance, supervisory, or investigation review queues,” said Kevin Leusing, senior vice president and general manager of compliance at Proofpoint, in a statement. “The new Intelligent Compliance Platform vastly improves the detection of non-compliant communications and content while quickly pinpointing supervised insider risks.”

The intelligent compliance platform is powered by several Proofpoint solutions, such as capture, patrol, track, archive, discover, supervision and automate.

Customer benefits include the following:

  • Unified Data Collection and Preservation: Customers can easily manage content from communication platforms including Microsoft Teams, Zoom, Meta, LinkedIn, Slack, Instagram, and Twitter. API-based content collection is automatically centralized with an extensible platform that consumes all data types including audio, video, and text. Content tracking provides a full audit trail where data in transport is reconciled and scanned for anomalies from source to destination.
  • Automated Risk Detection in Real-time Digital Communication: Customers can automate detection of communication trends to pinpoint the source of supervised insider risk. Customers can proactively monitor sensitive data and be alerted as compliance violations occur.
  • Supervisory Flag Deduplication: Compliance, IT, and Legal teams can significantly reduce the amount of time spent on data review by bypassing pre-flagged content (such as replies and forwards).
  • AI-Powered Data Discovery with Case Management: Customers can track communications data history interactively with advanced visualizations, intelligent conversation threading, and review content in native chat view.

Third Parties and Partners are Leading to Increased Cyber Risk https://mytechdecisions.com/it-infrastructure/third-parties-partners-leading-increased-cyber-risk/ Thu, 18 Aug 2022 18:11:24 +0000

The continued migration to the cloud and a reliance on third parties and partners is exacerbating the risk of cybersecurity threats breaking through the supply chain, according to new research from cybersecurity firm Proofpoint.

The Sunnyvale, Calif.-based company’s report, in collaboration with The Cloud Security Alliance—a consortium of leading IT and security companies such as Microsoft, Google, CrowdStrike, IBM, Oracle, Okta and more—shows that 81% of organizations are highly concerned about risks surrounding their suppliers and partners, with nearly half citing data loss as a primary risk.

The report, which presents the results of a survey of more than 950 IT and security professionals, found that the level of concern is warranted, as 58% of organizations said their third parties and suppliers were the target of a cloud-based breach in 2021.

Targeting of cloud apps is also a major issue, with organizations concerned that the apps contain or provide access to email (36%), authentication (37%), storage/file sharing (35%), customer relationship management (33%), and enterprise business intelligence (30%).

According to Proofpoint, organizations are most concerned about data loss, with 43% listing protecting customer data as their primary cloud and web security objective this year. However, just 36% have a dedicated data loss prevention solution in place.

Meanwhile, 47% said their legacy systems are a key concern within their cloud security posture, and 37% said they need to increase security awareness and training to educate employees on more secure behavior.

Hillary Baron, lead author of the report and research analyst at the Cloud Security Alliance, said in a statement that the accelerated digital transformation due to the pandemic is resulting in more challenging security approaches.

“While these initiatives strive toward improving worker productivity, product quality, or other business objectives, there are unintended consequences and challenges because of the large-scale structural changes required,” Baron said. “One of those challenges is developing a cohesive approach to cloud and web threats while managing legacy and on-premise security infrastructure.”

With Microsoft Office Macros Blocked by Default, Hackers are Using Other Techniques https://mytechdecisions.com/network-security/microsoft-office-macros-cyberattacks/ Fri, 29 Jul 2022 15:15:03 +0000

After pausing the rollout of a default macro-blocking feature in Microsoft Office, Microsoft is now officially blocking VBA macros by default in Office applications in a move to make it harder for threat actors to deploy malware and ransomware using Office applications.

Microsoft first announced the VBA macro blocking in February 2022, just a few months after announcing it would begin blocking XL4 macros by default as well.

However, threat actors are already moving on to new tactics, techniques and procedures to get around the new macro-blocking feature, according to cybersecurity software company Proofpoint.

The Sunnyvale, Calif.-based company’s research shows that hackers were listening to Microsoft’s announcements and began increasingly using container files such as ISO and RAR, as well as Windows Shortcut (LNK) files to distribute malware.

According to a report based on research from October 2021 through June 2022, the use of macro-enabled attachments by threat actors decreased by about 66%. Meanwhile, cyberattacks using container file formats (.iso, .rar, .zip, .img and LNK attachments) are up, rising nearly 175% in the same timeframe.

In particular, Proofpoint notes the increased use of ISO and LNK files, which threat actors are using as initial access mechanisms. The use of ISO files has increased 150% in the same timeframe Proofpoint studied, with more than half of 15 tracked threat actors using ISO files in campaigns after Microsoft began blocking Office macros by default in February 2022. HTML attachments containing malware are also on the rise, but the number remains low, according to the company.

However, the most notable shift away from macro-based attacks is the increased usage of LNK files, with attacks using that file format increasing 1,675% since October 2021. Now, multiple advanced persistent threat (APT) actors are using LNK files with increased frequency.

“Proofpoint researchers assess with high confidence this is one of the largest email threat landscape shifts in recent history,” the company notes in the report. “It is likely threat actors will continue to use container file formats to deliver malware, while relying less on macro-enabled attachments.”

Although the use of Microsoft Office macros in cyberattacks is trending down, there have been some outliers over the last year, including a March campaign in which a threat actor delivered the Emotet malware via XL4 macros. When that specific campaign dropped off in April, the threat actor began using other file types, such as XLL and zipped LNK attachments, according to Proofpoint.

Similarly, the use of VBA macros in attacks also spiked in March, but has otherwise been on a downward trend, the company’s report says.
