Avanan to change the default protections for compromised accounts and password-protected attachments
We all know that phishing attacks have become more and more sophisticated and attackers find creative ways of compromising accounts – some not even through corporate emails and applications.
In the past month we have seen an uptick in user account compromises, most without a preceding phishing email to the corporate mailbox.
In addition, we detected several major phishing campaigns that involved password-protected attachments that pass through other email security solutions.
But detecting is not enough, and the new reality we live in mandates enforcement and prevention. Therefore, the following changes will be put in place in your security settings and workflows:
- Compromised accounts will be automatically blocked and all portal admins will be notified.
- Microsoft 365 administrators detected as compromised will not be automatically blocked.
- Suspected compromised accounts will still not be automatically blocked by default, unless you changed the default workflow in your portal.
To change this new behavior, go to Config -> Security Engines -> Anomaly Detection -> Configure and select the desired workflows.
- For policies in Protect (inline) mode, the Password Protected Attachments Workflow will be set to Require end user to enter the password.
To understand the new end-user experience, see this admin guide chapter.
To change this new behavior, go to your policies and select a different workflow under Password-Protected Attachments workflow
Note – this change will take place gradually over the next 10 days.