For the first time ever, cyberwarfare weapons have been deployed in conjunction with kinetic weapons, as Ukrainian and Russian tensions have boiled over into hot conflict. A key takeaway is that organizations that may have historically felt they were only targets of opportunistic criminals may now find themselves facing a motivated nation-state actor.
At Vectra, our organizational mission is to make the world a safer and fairer place, and we have experience protecting organizations against nation-state actors. If your organization is under attack because of this conflict, we will help, at no cost.
As a down payment on that pledge, we’d like to share a bit of what we’ve learned.
In December 2020, the National Security Agency published one of the most important cybersecurity advisories of the last decade. In it, the agency outlined how nation-state actors had discovered ways to abuse federated identities to gain privileged access to sensitive information and to manipulate standard user identities to their benefit. This month, the Department of Homeland Security alerted the world that identity compromises were being used to disrupt US defense contractor operations in support of their global operations.
For security teams within organizations that rely on Microsoft's cloud services for identity, messaging and collaboration with M365 SaaS infrastructure, here are some quick tips to protect your organization from sophisticated attacks.
The above checks are by no means exhaustive – effective password policies, verifying users against leaked-credentials lists, and managing the risks of users being able to consent to third-party apps are all valuable steps for organizations to take to limit their exposure.
But these three attack paths constitute major highways that both sophisticated and opportunistic cyber-attack actors will follow to gain unauthorized access to identities, sensitive data, and systems. By managing and monitoring them, network defenders not only have an opportunity to increase the difficulty of an attack but also uncover indicators that an attack is underway.
If your organization is struggling on these fronts, contact us – we can help. Our Siriux team has extensive experience with threat hunting in M365 tenants and our hardening guidance has been developed based upon scanning some of the most-attacked tenants in the world.
Join Aaron on Thursday, March 03, at 16:00 GMT on the Vectra Webinar: Protecting Microsoft 365 from Advanced Threats.