A few weeks ago, we got the news that employees of several Finnish companies were victims of phishing attacks. All the attacks had a common denominator: O365 and they all followed the same pattern.

Once the hacker managed to steal users´ login credentials (in general the victims were two types of employees: those with decision-making power and those in charge of transfers and/or bills payment), he modified the account settings so that he could get a copy of each email sent by the user.  email isolation

As a result of this wave of attacks, the National Cyber Security Center of Finland (NCSC-FI) advised all those companies using O365 to verify their accounts to disable any unauthorized forwarding or detect any unusual login location. In addition, authorities recommended that companies set up forwarding rules and incorporated MFA methods.

At Randed, we believe that all these tips are good but not enough.

By restricting forwarding rules, we will not stop hackers from achieving their goals.

The focus should not be on mitigating or reducing the damage once the hacker is already inside the system, but on preventing them from entering it and this is something that, as of today, can only be done with RITech, a web isolation technology.

How can we shield the corporate network and avoid attacks like these?

Currently, the only technology on the market capable of guaranteeing protection against attacks of this type is web isolation.

What is web isolation?

As already mentioned in previous posts, web isolation is a proactive approach that does not distinguish between good and bad. Due to its agnostic character, it distrusts everything. Consequently, the only option is to separate the browser from the user´s device.

By executing users´ browsing sessions on our platform, away from the endpoints, and sending back to them only images, we managed to prevent everything (good or bad) from reaching the corporate network.

For the first time, it does not matter what the hacker does, the strategies he devises or the attacks he launches. The attacks will continue to happen, but they will no longer be able to achieve web-based business processes or isolated endpoints.

What are the benefits of isolating O365 or any other web-based email? email isolation

  1. Possibility of creating personalized messages that sensitize users about the risks and the existence of phishing attacks.
  2. Automatic opening of links within isolated environments. Any link received by email will be opened within an isolated environment, thus avoiding the following scenarios:
  • No drive-by downloads will ever reach users´ devices
  • No credential theft: by transforming all the code into images, we prevent hackers from being able to understand the information entered by users
  • No script or malicious code hidden in the ads can infect users´ devices
  • Filtering functionality: with RITech the administrator can decided which characters strings of words can by typed by users.
  • In relation to attached documents, RITech offers different alternatives:
  • Documents can be opened in read-mode only
  • Downloads can be allowed once the document has been scanned by an antivirus solution
  • All downloads can be allowed under the responsibility of the IT administrator

Would you like to know the best part?

There are many more things that RITech can do to protect your company, please contact us to find out how we can help you say goodbye to phishing attacks.

Follow us on Twitter and LinkedIn to keep up-to-date with the latest news.