AppRiver: We Help Partners Mitigate Office 365 Vulnerabilities

Conversation hijacking is the most prolific type of business email cyberattack hitting and gaining traction within Office 365 email, according to audits by AppRiver, which touted its email security offerings at an XChange 2019 solutions session in Las Vegas Tuesday.

“In the latest version of this, they’re not just going after the C-level execs or financial people, they’re actually going after the average employee,” said Doug Cashio, AppRiver’s West Coast channel sales engineer.

Cybercriminals gain access to an employee’s password and mailbox, forward or redirect messages, monitor the conversations and wait for the right moment to pounce—when an employee emails human resources about setting up direct deposit for his paychecks, for example.

“When payday comes, they pay the hacker,” Cashio said.

Microsoft is the most targeted company in terms of its operating system because it’s the most widely distributed, according to AppRiver, a Gulf Breeze, Fla.-based email security company and Office 365 provider that has about 10 million email boxes under management. But Microsoft has a difficult time addressing the attacks on its own customers because they circumvent its own detection safeguards. AppRiver discovered in October that hackers are using valid Microsoft Azure storage servers to launch their ransomware and malware attacks, according to Cashio.

AppRiver’s email security platform has built-in training that partners can provide to end users who are most hit by phishing and malware attacks. An impersonation detection tool helps prevent bad actors’ malicious email from getting through under the guise of being sent by a CEO or other top executive. And AppRiver’s platform has a security audit tool that gives reports with very granular information.

Advanced auditing is a free tool within Office 365 itself that should be turned on for every single employee of partners’ customers, according to AppRiver.

“It tells you the who, what, when, why and where down to the physical IP address of who did these changes,” Cashio said.

While it doesn’t help prevent a breach, it helps with mitigation and trying to understand what happened when a breach occurs, according to Justin Gilbert, director of channel sales, North America.

But one of the biggest cybersecurity problems that AppRiver sees from its security audits is more basic—systems administrators’ password sets never expire.

“Admins always hold their users to a higher standard than they hold themselves,” said Gilbert.

AppRiver recently rolled out a new partner program that offers solutions sales training, auditing assistance, and white-label marketing and training videos. The company has very “high-touch” support, according to Gilbert, with a goal of marking partners “look like rocks stars.”

“We actually pay a team of people to do nothing more than just to answer the phone and make sure you get to the right place,” he said.

Laurie Bunce, president of Centratel, a hosted voice and unified communications company in Largo, Fla., has just started exploring the managed service provider world and is interested in learning more about cybersecurity in particular.

“I know with the new technologies like [the Internet of Things] and 5G that we needed to be offering more cybersecurity to our customers,” said Bunce, who was struck by “how easy it is for people using [Office] 365 to have a phishing or hacking event, and the benefit of showing that to customers or potential customers to get your foot in the door.”