• Microsoft 365, Security
10 MIN READ

Platform Upgrade: Microsoft 365 agentless CSS phishing protection

Exciting news! 🎉 We’ve recently created this advanced CSS phishing protection, and we’re making it available for everyone, for free!

Threat Actors (TAs) frequently target finance or accounting personnel, and once they gain access, they often send altered invoices to existing customers with fraudulent account details. Depending on the business, the resulting financial and reputational damage can be severe. In some cases, we’ve observed losses reaching up to $100,000 from a single compromised account.

The following examples highlight recent high-value breaches where TAs successfully accessed user accounts. Each of these incidents could have been easily prevented by applying the mitigations discussed in this blog.
The Hague Gemeente warns of fake emails sent out on 25 September – The Hague Online
All Dutch police officers’ contact details stolen in cyberattack – POLITICO

Regular MFA does not protect against these modern attacks, TAs use specially designed servers to record user sessions which includes the MFA token (AITM Attacks), bypassing this considered secure security measure.

We’ve created a custom CSS and a server-side solution, which allows us to detect Adversary-in-the-middle (AITM) Phishing attacks. During each login, our servers validate the login session, and users are alerted by a red background and warning text in the Microsoft 365 login page when anomalies are detected.

We recommend not to rely solely on this anti-phishing technique. There are several other mitigations that protect against phishing, we described them in this post: Microsoft 365 Security / Necessities / Checklist – Prof-IT Services

While this anti-phishing technique is effective at present, there is no guarantee it will remain so in the future. Platforms like EvilGinx that are used by threat actors, are actively developing countermeasures against all protections. To address this, we have implemented a workaround by using an image for safe logins. This alerts users to a phishing site if no indicator is present.

Our CSS Phishing Protection solution is hosted on high performance server tiers across two different continents within Azure data centers. This configuration ensures optimal performance and high availability.

Subscribe to our blog to stay updated on any changes related to CSS phishing protection.

Safe login on the left, confirmed by the background logo. Phish login on the right, confirmed by the red background.

How-to implement

This solution requires you to upload a CSS file to your company’s login branding page. First, copy and save the CSS provided below. Optionally, include your email address to be alerted of phish detections.

From a normal browser, opening the canary URL will not show an image, the protection will work nevertheless when it’s called from CSS.

.ext-sign-in-box 
  {
    background-image: url("https://canary.modernworkplace.services/api/[email protected]");
  }
  
.ext-sign-in-box
  {
      background: white url('https://canary.modernworkplace.services/api/[email protected]') center no-repeat;
  }Code language: CSS (css)

Next, navigate to the Entra ID Admin Portal. Locate the Company Branding section, go to the Tab Layout tab, and upload the CSS file.
Edit default sign-in experience – Microsoft Azure

The CSS protection will be activated each time a user signs into a Microsoft portal, and a red background will be shown whenever a user visits a phishing website.

That is all that is needed! 10 minutes after uploading the CSS, it should display the save login logo when you sign in.

Custom Version for your organization

We can create a custom version of our CSS security solution, specially suited for your organization, hosted on your own or on our servers. This version can include custom safe login logos, incident response, multi-tenant alerting and security orchestration.

Secure Your Future Today

Whether you’re looking to strengthen your organization’s defenses or manage security across multiple tenants as an MSP, we can provide the tools you need to stay ahead of modern threats.

Contact us today to discover how our solutions can be tailored to secure your organization and provide peace of mind in an increasingly digital world.

  • Microsoft 365 Security / Necessities / Checklist

    Microsoft 365 Security / Necessities / Checklist

    Microsoft 365 is often considered safe, as it’s always up to date and maintained by Microsoft. Unfortunately, this is not true! Well, at least some parts aren’t. There are quite some options and products/features that should be configured to limit risk and exposure. In this post, I’m outlining the most important security settings and products, everyone…

    Read more

Latest Articles

The G-Door: Microsoft 365 & the risk of unmanaged Google Doc accounts
It’s time to secure Google Workspace—even if you’re not using
Read more
Automating Azure SQL Maintenance with Azure Automation

Keeping Your Azure SQL Databases Healthy: The Power of Automation

Read more
Malware Analysis – Shortcuts in zip file

Recently, we encountered two distinct variants of a payload delivered

Read more
Identifying Duplicate Files Across All SharePoint Sites Using PowerShell

Managing a SharePoint environment can be a complex task, especially

Read more
Load More

Talk With Our IT Experts Today

Schedule a call to talk to one of our Solution Consultants, who can help guide you on your journey to choosing the right IT solution or managed service for your business.

Book a Consultation