Support Hot Topics - Reducing the threat of zero-day malware

Welcome to the second episode in our Support Hot Topics for Exchange Online Protection series. I’m joined in this episode by my co-worker, Jason, and we discuss Exchange Online Protection strategies that can help reduce the threat of zero-day malware.

I have seen an increase in zero-day malware attacks that use social engineering to get a user to run an attached script or executable file. These types of zero-day malware attacks can be easily blocked by a couple of simple transport rules in Exchange Online Protection.

In this episode, Jason and I cover the creation of these rules both in the Office 365 portal and through PowerShell. We also touch on some general best practices. As usual, please leave us feedback and ideas for future episodes in the comments.
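The two rules described above, as an added PowerShell example that is not from the original post or the video: one blocks attachments whose content is executable, the other blocks script attachments by extension. It assumes the ExchangeOnlineManagement module is installed and the signed-in account holds the Transport Rules role; the rule names and the extension list are my own choices.

```powershell
# Added example, not the post's own code. Assumes the ExchangeOnlineManagement
# module is installed; rule names and the extension list are assumptions.
Connect-ExchangeOnline

# Rule 1: reject inbound mail whose attachment content is executable. The
# predicate inspects the file's true type, not just its name, so renaming
# payload.exe to payload.txt does not get past it.
New-TransportRule -Name "Block executable attachments (inbound)" `
    -FromScope NotInOrganization `
    -AttachmentHasExecutableContent $true `
    -RejectMessageReasonText "Executable attachments are not accepted. Please send a file-sharing link instead." `
    -SetAuditSeverity High `
    -Mode Enforce

# Rule 2: the content check recognises a fixed set of executable types, so a
# second rule matches on extension for script types commonly sent as lures.
# Extension list is an assumption; tune it for your tenant.
$scriptExtensions = @("js", "jse", "vbs", "vbe", "wsf", "wsh", "ps1", "bat", "cmd", "hta", "scr")
New-TransportRule -Name "Block script attachments (inbound)" `
    -FromScope NotInOrganization `
    -AttachmentExtensionMatchesWords $scriptExtensions `
    -RejectMessageReasonText "Script attachments are not accepted." `
    -SetAuditSeverity High `
    -Mode Enforce

# Verify both rules exist, are enabled, and carry the expected predicates.
Get-TransportRule | Where-Object { $_.Name -like "Block * attachments (inbound)" } |
    Format-List Name, State, Mode, AttachmentHasExecutableContent, AttachmentExtensionMatchesWords
```

Running the rules first with `-Mode Audit` and reviewing the resulting message trace for a few days shows what would have been rejected before enforcement starts.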

Video: https://youtu.be/Kz6ppPBLrE0


If you have problems with the embedded video, you can watch it directly on YouTube.


In addition to what we mention in the above video, another option to help prevent malware is to use the new Exchange Online Advanced Threat Protection. Advanced Threat Protection (ATP) includes many features, one of which executes attachments in a virtual environment to look for malicious behavior such as registry changes. If the attachment is deemed malicious, the message is not delivered. More information on Advanced Threat Protection can be found at the first link in the following section.

Resources

Exchange Online Advanced Threat Protection
Tips to prevent Zero-Day Malware with EOP
Best practices for configuring EOP

Comments

  • Anonymous
    June 26, 2015
    I have recently seen a lot of zero-day malware attacks and interestingly, these attacks aren’t even trying to be covert. In these cases, the malware is attached to an email in the form of an executable file and the recipient is asked to run the