Attention CIOs, CISOs and IT Administrators!
A quick review of the HHS Breaches Over 500 list paints a pretty grim picture of the number of breaches affecting 500 or more individuals. Breaches have been steadily increasing and the culprit is clear: hacking/IT incidents, namely email phishing attacks. Fraudsters and criminals are exploiting vast databases of compromised user credentials to make payroll. These accounts are publicly available for lookup. Anyone can access these credentials, and they are available for as little as $45 for 1000 account/password pairs.
According to a recent Proofpoint study, 72% of all cloud users have been targeted at least once for an attack and of those, 44% were successful. That’s right, almost 1-in-2 targeted attacks were successful. This number includes organizations using Multi-Factor Authentication (MFA).
Why are these attacks so successful?
Internet Message Access Protocol (IMAP) is a legacy email protocol that is turned on by default when email is enabled for users and is not integrated with MFA. It was originally designed to give people a way to connect to their mailbox via electronic mail.
Unfortunately, IMAP is being used by hackers to test email address and password combinations to see whether they can log in and bypass MFA. Once they are in, they can reuse that same login and password to connect via VPN and gain full access to the network, allowing them to forge emails and download email attachments.
In today’s Office365, IMAP is turned on by default (for backward compatibility) and unless it is needed, it must be turned off in order for MFA to be effective.
Three Steps to control email phishing attacks and more effectively use MFA
First, turn off IMAP and POP3 in Office365
- Launch the Exchange Administrator Console
- Open User Mailbox
- In each user’s mailbox, go to Mail Features, scroll down, and disable IMAP and POP3
Second, turn on Multi-Factor Authentication
- Go to Multi-Factor Authentication Controls
- Use prompts, guides or just highlight users and turn on MFA for multiple users.
Third, set passwords to never expire and require a longer, easy-to-remember but hard-to-guess passphrase. You could also encourage each user to install an encrypted password manager, e.g. KeePass, to secure and store all passwords.
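The first step above is done one mailbox at a time in the admin console. The script below is an added example (not from the original post) that does the same audit-and-disable pass for the whole tenant with the Exchange Online PowerShell module; it assumes the ExchangeOnlineManagement module is installed and that the account used holds the Exchange Administrator role.

```powershell
# Added example, not part of the original post.
# Assumes the ExchangeOnlineManagement module is installed and the signed-in
# account has Exchange Administrator rights in the Office 365 tenant.
Connect-ExchangeOnline

# 1. Audit: list every mailbox that still has IMAP or POP3 enabled.
#    These are the accounts an attacker can test stolen passwords against
#    without ever seeing an MFA prompt.
$legacy = Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ImapEnabled -or $_.PopEnabled } |
    Select-Object DisplayName, PrimarySmtpAddress, ImapEnabled, PopEnabled
$legacy | Format-Table -AutoSize

# 2. Remediate: disable IMAP and POP3 on every mailbox found above.
#    Re-enable per mailbox only for a documented exception (a legacy
#    scanner or application that cannot use modern authentication).
foreach ($mbx in $legacy) {
    Set-CASMailbox -Identity $mbx.PrimarySmtpAddress `
        -ImapEnabled $false -PopEnabled $false
}

# 3. Make it stick: new mailboxes inherit protocol settings from the
#    CAS mailbox plan, so turn the protocols off there as well. Otherwise
#    every newly created user reopens the same MFA bypass.
Get-CASMailboxPlan | Set-CASMailboxPlan -ImapEnabled $false -PopEnabled $false

# 4. Verify: this should now return no rows.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ImapEnabled -or $_.PopEnabled } |
    Select-Object PrimarySmtpAddress, ImapEnabled, PopEnabled

Disconnect-ExchangeOnline -Confirm:$false
```

Re-run the audit query periodically (or schedule it) so that a mailbox re-enabled for a one-off task does not quietly stay open.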
Implementing the above changes will help you comply with HIPAA Security §164.308(a)(3)(i) (implement policies and procedures to ensure appropriate ePHI access) and §164.312(a)(2)(i) (assign unique IDs to support tracking) while blocking hackers from bypassing MFA. Take steps today to turn off your IMAP and POP3 and capitalize on your Office 365 and Exchange investments.
Like our blog? You can watch our webinar for an in-depth look at controls you can implement today to avoid an email phishing attack: "Confessions from a HIPAA Auditor: Breaches Surge Due to Email Phishing"
"In this webinar session, we discuss the most common data breaches we see happening in the industry, namely email hacking. We explore the anatomy of an email phishing breach and how to leverage the HIPAA Security Risk Analysis to cover this threat. We also highlight three practical steps you can take to prepare for a data breach and avoid being the next target."