“Glaring flaw enables attackers to drive coach and horses through Office 365 security”. That’s how one magazine recently described a newly discovered vulnerability in Office 365.
It’s quite a simple technique. Split a URL into two parts, a base URL and the href extension. As long as the base URL checks out clean (as it often does when you shorten a URL), all other links within the headers or body of the mail aren’t checked (or at least, not to the same level). Therefore, it’s quite possible for a mail to contain a link pointing to a page with malware on it, or one that delivers ransomware.
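A filter closes this gap by checking the URL the recipient's mail client will actually open, that is, the base URL and the href joined together, rather than each part on its own. The following sketch is an added example, not code from Avanan, Microsoft or this article; it assumes the split is carried by an HTML `<base>` tag with relative `href` values, and the sample message and `example.test` hosts are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LinkCollector(HTMLParser):
    """Collect the <base href> and every link href exactly as written."""

    def __init__(self):
        super().__init__()
        self.base = None     # only the first <base href> is honoured
        self.raw_links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if not href:
            return
        if tag == "base":
            if self.base is None:
                self.base = href.strip()
        elif tag in ("a", "area"):
            self.raw_links.append(href.strip())


def effective_links(html_body):
    """Return (raw href, URL the client opens, depends_on_base) per link."""
    collector = LinkCollector()
    collector.feed(html_body)
    collector.close()
    results = []
    for raw in collector.raw_links:
        relative = not urlsplit(raw).scheme
        if collector.base and relative:
            results.append((raw, urljoin(collector.base, raw), True))
        else:
            results.append((raw, raw, False))
    return results


# Constructed sample message body; hosts are placeholders.
SAMPLE = """<html><head><base href="https://files.example.test/docs/"></head>
<body><a href="invoice/view.html">Open invoice</a>
<a href="https://intranet.example.test/help">Help</a></body></html>"""

if __name__ == "__main__":
    for raw, resolved, depends in effective_links(SAMPLE):
        note = "resolved via <base>, scan this URL" if depends else "absolute"
        print(f"{raw!r} -> {resolved} ({note})")
```

The resolved URL in the second field is what should be passed to reputation or sandbox checks; links flagged as depending on the base are the ones a scanner that inspects only the written href would miss.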
Avanan, the company that discovered the vulnerability, has produced an excellent video showing how this vulnerability works. It can be found on YouTube.
In the security world, we often talk about layered defenses, or the onion model, and have always recommended augmenting your email provider with additional technologies. This vulnerability, in particular, highlights the dangers of taking for granted the security you get from your mail provider. Their expertise is in delivering mail. Sure, they will weed out and reject the obvious, which will reduce the load, but what gets through needs to be checked more fully. This is why we at Secon Cyber have various products that complement your email provider and add that additional layer of security.
As of the time of writing, and according to both Microsoft and Avanan, there is no fix. We are monitoring the forums and I expect we will see more of this in the near future. We recommend that users be extra vigilant, and it may be useful to notify them and remind them about phishing emails.
For more information about how to improve the quality of your email service, remove the reliance on a single vendor and reduce the likelihood of infection, get in touch.