Tackling advanced phishing attacks, spoof websites and Office 365 targeted threats
Renowned as a world-class stadium, our client is home to International Test, World Cup and County Cricket matches – as well as playing host to some of the biggest music concerts in the world including Beyoncé, Take That, Rihanna, David Bowie, Radiohead and Bruce Springsteen. As such, all aspects of security are of paramount importance – be it physical security, biosecurity or cybersecurity. It was on this third aspect that they put their trust in EveryCloud.
Having moved to Office 365, the board had observed an increase in volume and sophistication of phishing attacks – including regular and specific targeting of the CEO. This was despite having deployed Microsoft’s Advanced Threat Protection (ATP) as part of their email security solution. The problem was exacerbated as incident response was labour intensive and unscalable – lacking automated phishing forensics and remediation of emails.
Upon engaging EveryCloud, it became clear that the key attacks bypassing the client’s existing defences were mainly impersonation attempts – specifically business email compromise (BEC) seeking to enable financial fraud and spoof login pages aimed at credential theft. These happen to be the top cyber threats to sports organisations identified in the NCSC July 2020 report.
By trialling the IRONSCALES Advanced Phishing Platform in a non-intrusive environment, we were able to see that Office 365 Advanced Threat Protection was unable to combat the more advanced and sophisticated phishing attacks being thrown at our client – as these emails did not contain any identifiable malicious links or attachments. Furthermore, cybercriminals are now testing and customising phishing campaigns specifically to target Office 365 users. We were able to demonstrate how IRONSCALES mailbox-level anomaly detection and computer vision could safeguard against these attacks, whilst the one-click automated remediation capability and mobile app could save significant IT security time.
In tandem, we ran a phishing simulation campaign which showed that a significant number of colleagues who opened such an email were being lured to click on the malicious link. So we introduced dynamic, contextual alert banners (rather than the all-encompassing ‘beware external sender’ type banners, which typically result in banner fatigue and are often ignored). We also enabled VIP impersonation protection for the CEO and other senior targets within the organisation.
Through EveryCloud’s ‘Protect Your Sport’ campaign, we also engaged our client with another major sports organisation who were able to share their experiences of working with EveryCloud and how we had helped them overcome similar information security challenges.
Having met the trial objectives, we moved to full deployment of the IRONSCALES platform across the entire organisation – and our client now benefits from:
- Superior mailbox intelligence combining sender fingerprinting, inbox behavioural analysis and advanced mapping of trusted senders
- Automated investigative analysis and automated remediation
- Virtual SOC analyst capability, providing real-time, actionable threat intelligence
- Advanced URL & malware protection leveraging computer vision and neural network technology, to detect and block visual deviations of spoofed websites and brands in real-time.
By taking a comprehensive, all-in-one approach, EveryCloud has put our client in the best position to fight the key attack trends being thrown their way – including business email compromise, cyber-enabled fraud, malware, ransomware, credential theft, polymorphic and zero-day attacks. So they can focus on what they do best – safely providing world-class sporting, musical and events experiences to their guests.