Alert: Malformed HTML helps phishing emails evade Office ATP
In the past week or two, our team at BitDam
Malicious files and links regularly bypass all the leading email security products, leaving enterprises vulnerable to email-based attacks including ransomware, phishing and data breaches (more specifically, Emotet, Dridex, Maze, LokiBot, WannaCry and others).
We see this first-hand working with customers. Installed as a last line of defense, BitDam ATP for email detects malicious attachments that slip through various SEGs. When customers use BitDam Lucky Meter to check how protected their email is against fresh malware, their email security products score poorly, failing to block most of the samples included in our BAS test.
Could this explain the shortcomings of email security products? To answer this question, we conducted an empirical study to measure their ability to detect Unknown Threats at First Encounter.
The study entails retrieving very fresh samples of malicious files from various feeds and sources, qualifying them as Unknown Threats, and then sending them to mailboxes protected by Office365 ATP, G-Suite Enterprise or Proofpoint TAP. We measure miss rate at first encounter and Time To Detect (TTD) for these Unknown Threats.
Our findings show a miss rate of 20-40% and a Time To Detect of 10-53 hours (!). This Detection Gap keeps enterprises continually unprotected against unknown threats.
BitDam’s Advanced Threat Protection (ATP) solution is threat-agnostic and has a very low miss rate for unknown threats, significantly reducing the risk of successful email-based attacks.
Install BitDam’s feed app “Lucky Meter” to get in-the-wild samples to your account and see how exposed you are.