Expel report finds hackers focused on compromises between business email and apps


Rachel Espaillat

“Over 50% of the incidents we detect are not malware. It’s not that I’m trying to deploy a backdoor on your computer. It’s, ‘I just want your identity so I can use that identity to do something,’” says Jon Hencinski of Expel.

Cybersecurity provider Expel has swapped its monthly attack vector reports for quarterly reports to give customers better insight into current threats. The report also provides ways to guard against cyberattacks.

In Expel’s first quarterly threat report, the Herndon, Va.-based startup found hackers targeting Microsoft Office 365.

“When these attackers attempt to break into these organizations, they are not exploiting vulnerabilities in these applications. They take advantage of the features of these products to trick an employee into opening a document and running malicious code and an embedded macro or taking advantage of a feature,” said Jon Hencinski, director of threat detection and response at Expel.

In Microsoft Office 365, the report found that more than half of reported incidents involved business email compromise (BEC).

“Over 50% of the incidents we detect are not malware. It’s not ‘I’m trying to deploy a backdoor on your computer.’ It’s, ‘I just want your identity so I can use that identity to do something.’”

Nearly a quarter of Expel customers have faced a BEC attempt at least once, and 8% of customers have been targeted more than three times, also in Microsoft Office 365.

“Organizations are probably a very viable target, given that there are so many payments they process every day,” Hencinski said.

While security awareness training can help, Hencinski said it’s not enough.

“If an attacker can trick an employee into submitting their username and password, they can add a third field and say, ‘Hey, what’s your multi-factor authentication code as well.’ So even if I think that employee awareness training is worth considering, I think the best investment is FIDO security keys for your employees and organizations.”

Hencinski goes on to say, “Let’s make these apps more secure by default so attackers can’t take advantage of these features for bad things to happen.”

Expel’s quarterly report also offers tips to help customers stay resilient.

“What this highlights for me is that we are changing now, and we are seeing more of the aftereffects of moving to a more remote workforce. Everyone is still transitioning and moving from on-premises to cloud, and we’re all in these hybrid environments. When you start migrating to these hybrid environments, you have new attack vectors that are open,” said Ryan Benson, director of security operations services at Stratascale, an Austin, Texas-based IT service management firm.
