Using Microsoft 365? Why Complementary Security Tools are Essential

Many enterprise organizations use Office 365 (recently renamed Microsoft 365) as a robust suite of secure communication apps, productivity tools, and even as a cloud infrastructure service. While Microsoft provides outstanding built-in security features, the sheer size of the service and its number of users create an inviting target for threat actors. In this article, we’ll go over potential risks that organizations might face when using Microsoft 365, what built-in security tools you have access to, and what complementary tools you can use to comprehensively defend your organization.

Why Microsoft Office 365 is a target

Microsoft Office is used a lot. A PTG article recently reported that nearly 1 in 5 corporate employees use an Office 365 cloud service and that, by user count, Office 365 is the most widely used cloud service. Its market share is second only to Google Apps (42% vs 53%, according to Statista at the time of this writing), and a Gartner report recently noted that 58.4% of sensitive data in cloud documents is stored in Office documents.

While this level of penetration, especially on the enterprise side, is good for Microsoft, it also paints a target on the tech giant’s head. Cybercriminals and nation-state actors can focus their exploit development and vulnerability scanning on Microsoft software, knowing that a success in that area will allow them to deploy these exploits to a huge audience.

Threat actors, knowing that a huge majority of internet users use Microsoft 365, will develop phishing and spam campaigns that take advantage of that fact or outright impersonate Microsoft.

Risks faced by Microsoft 365 users and customers

Trustwave has documented research detailing how Microsoft 365 users have been targeted with specific threats and attacks. The 2020 Global Security Report found that over 46% of emailed malware detected in 2019 used .doc and .docx file types. We’ve also previously documented how bad actors can hide malicious code, links, or attachments in emails, leveraging Microsoft 365 documents because they’re widely used and trusted. Trustwave SpiderLabs also found that users were receiving phishing emails that prompted them to download fake Windows Updates that were actually ransomware.

There have been multiple instances of email campaigns where spammers impersonate Microsoft and link to spoofed sites designed to look like Microsoft login pages in order to steal victims’ login information. According to the previously mentioned Gartner analysis, on average, “an organization experiences 2.7 threats each month within Office 365.”

Clearly the risk posed to enterprises is significant. Threats and new methods of attacks targeting Microsoft’s software continue to evolve. Fortunately, when it comes to security, there are options worth considering.

Microsoft Office security offerings

Microsoft Office provides solid protection if you’re an enterprise business premium user. While standard members get preventative measures like Windows Defender, spam filters, multi-factor authentication (MFA), and ransomware protection, premium users can also leverage messaging encryption, advanced threat protection (ATP), data loss prevention (DLP) policies, and Exchange Online Archiving (EOA), which provides a robust way of archiving data and reducing your litigation risk.

While this suite of tools and software provides a good balance of prevention and detection, you have to ensure these cybersecurity measures are properly configured so they can work effectively with your organization’s specific environment.

If you haven’t set them up yet, Microsoft also has a comprehensive page that details how to configure some of these tools and features for your organization.

Supplementing your existing Microsoft 365 protection

Unfortunately, as helpful as Microsoft Office’s suite of security tools is, you may have some security gaps, especially if you’re not an enterprise business premium user. And even if you do have the full suite of security products, you may not have the protection you require given how quickly threat actors move. A recent study found that 25% of detected phishing attacks bypass default security measures built into Office 365.

In order to further bolster your defenses, we recommend focusing on your email security, user rights management, and database security.

Black hat hackers are primarily going after their targets by way of phishing and targeted email attacks designed to bypass traditional detection software. The right comprehensive email security tool will be able to flag malicious emails even if hackers go to great lengths to hide the link or malicious code deep within an email or its attachment. This helps ensure you can detect an attack, giving you the opportunity to respond appropriately.

User rights management is incredibly important in the event that a cybercriminal succeeds in their attempt to steal login credentials. If they’re able to get into your network, their ability to access your extremely sensitive data and cause damage is limited if you’ve put in parameters limiting what access a given employee has within your network.

Database security is also essential to make sure that if a breach does happen by way of a Microsoft 365 vulnerability, you’ll be able to protect your most important assets. As we covered in a previous article, the right kind of database protection will provide visibility into the relationships of users and applications and the data objects they have access rights to, so that you can work with the business owners to reduce access. While that process is occurring, database monitoring will help you flag any anomalies or odd behaviors that may occur from a compromised employee’s account.

Microsoft 365 is an incredibly important tool for enterprises. To protect your organization, make sure you’re always updating your software and making the most of the available security tools Microsoft offers, and consider leveraging additional solutions to make up for any potential gaps in detection and/or response.

To learn about how Trustwave can help you supplement your Microsoft 365 security, check out our Active Defense and Extended Protection for Office 365 or read our white paper on Office 365 security.
