Spotting and Stopping the Evil Proxy Attack in Microsoft 365

In the ever-evolving landscape of cyber threats, the Evil Proxy Attack stands out as a sophisticated method used by cybercriminals. MSPs (Managed Service Providers) must remain vigilant, especially when managing Microsoft 365 environments. In this article, we'll break down the components of this malicious strategy and how we're actively guarding against it.

Understanding the Evil Proxy Attack

At its core, the Evil Proxy Attack uses a malicious proxy to intercept communications between a client and a server. The attacker leverages this man-in-the-middle (MitM) strategy to gain unauthorized access and manipulate data. For Microsoft 365 users, this typically unfolds in four critical stages:

  1. Phishing Ambush: Users receive a seemingly innocent email, often masquerading as a trusted or even internal contact. However, these emails contain malevolent content, laying the groundwork for the attack.

  2. MFA Misdirection: The attacker adds a new MFA (Multi-Factor Authentication) method to the victim's account, ensuring they can regain access even if initial entry points are closed.

  3. Suspicious Sign-ins: The attacker logs into the victim's account, often from unexpected or high-risk locations.

  4. Inbox Infiltration: To remain undetected, attackers modify inbox rules. Typically, they'll divert incoming messages to an 'archive' folder and mark them as read, ensuring the user remains oblivious to their actions.

Proactive Protections Against Proxy Threats

Fortunately, our suite of tools is equipped to detect and counter these attacks:

  1. Email Shield: We employ advanced mechanisms that warn about and block emails that show signs of spoofing or contain suspicious links or attachments.

  2. Inbox Alert: Any new inbox rules created on a user's account immediately trigger a notification to the admin, ensuring prompt action against any suspicious activity.

  3. Location Guard: Our system notifies admins when an account logs in from outside specified safe regions. We also offer the option to block such suspicious logins outright.
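
Each of these alerts is more telling when correlated per user. The following is an added example, not MSP Easy Tools' own code: it flags the three account-side stages described above (sign-in outside safe regions, new MFA method, inbox rule that archives and marks mail as read) and rates users who show several of them close together. The event field names, the safe-region list and the 24-hour window are assumptions, and the events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SAFE_COUNTRIES = {"GB"}        # assumption: the tenant's approved sign-in regions
WINDOW = timedelta(hours=24)   # assumption: how close signals must be to correlate

# Constructed sample events. Field names are illustrative, not a Microsoft log schema.
EVENTS = [
    {"time": "2023-09-01T08:55:00", "user": "alice@example.com", "type": "signin", "country": "GB"},
    {"time": "2023-09-01T09:10:00", "user": "alice@example.com", "type": "signin", "country": "BR"},
    {"time": "2023-09-01T09:14:00", "user": "alice@example.com", "type": "mfa_method_added"},
    {"time": "2023-09-01T09:20:00", "user": "alice@example.com", "type": "inbox_rule",
     "move_to_folder": "Archive", "mark_as_read": True},
    {"time": "2023-09-01T11:00:00", "user": "bob@example.com", "type": "inbox_rule",
     "move_to_folder": "Newsletters", "mark_as_read": False},
    {"time": "2023-09-01T12:00:00", "user": "carol@example.com", "type": "signin", "country": "GB"},
]

def classify(event):
    """Map one event to the signal it raises, or None if it is unremarkable."""
    kind = event["type"]
    if kind == "signin":
        return None if event["country"] in SAFE_COUNTRIES else "signin_outside_safe_region"
    if kind == "mfa_method_added":
        return "mfa_method_added"
    if kind == "inbox_rule":
        # Stage 4 pattern from the article: divert to an archive folder and mark as read.
        folder = (event.get("move_to_folder") or "").lower()
        hides_mail = bool(event.get("mark_as_read")) and "archive" in folder
        return "inbox_rule_hides_mail" if hides_mail else "inbox_rule_created"
    return None

def correlate(events):
    """Per user, find the largest set of distinct signals inside one WINDOW."""
    flagged = defaultdict(list)
    for ev in events:
        signal = classify(ev)
        if signal:
            flagged[ev["user"]].append((datetime.fromisoformat(ev["time"]), signal))
    report = {}
    for user, hits in flagged.items():
        hits.sort()
        best = set()
        for start, _ in hits:
            seen = {s for t, s in hits if start <= t <= start + WINDOW}
            best = max(best, seen, key=len)
        report[user] = {"signals": sorted(best), "severity": "high" if len(best) >= 2 else "review"}
    return report

if __name__ == "__main__":
    for user, finding in correlate(EVENTS).items():
        print(user, finding)
```

A single new inbox rule still surfaces for review, matching the Inbox Alert behaviour, while two or more distinct signals in the window are rated high.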

What's Next?

By Quarter 4 of 2023, we're adding another layer to our security quilt. Soon, we'll notify you whenever a new MFA method is added to a user's account – a direct counter to one of the key steps in an Evil Proxy Attack.

Remember, the proxy server plays a crucial role in maintaining the flow of data between client and server. It's this very role that attackers exploit, sometimes even employing SSL/TLS interception tactics to decipher encrypted data. Being aware of the modus operandi of such attacks and having proactive measures in place is the key to keeping your Microsoft 365 environment secure.

In conclusion, by staying updated and vigilant, MSPs can effectively guard against the cunning and deceptive Evil Proxy Attack.


We do things differently at MSP Easy Tools

We used to own and run an MSP ourselves – which is why we developed the Tools.
So, we know what the day to day looks like for you: the good and the bad.
