Top 10 Threat Detections in Microsoft Azure AD and Office 365

A new report from cybersecurity firm Vectra focuses on the top 10 threats customers face when using Microsoft Azure AD and Office 365.

The report, titled “Q2 2021 Spotlight Report: Top 10 Threat Detection for Microsoft Azure AD and Office 365,” ranks risky Exchange operations in O365, suspicious operations in Azure AD, and suspicious download activity in O365 at the top of the list.

Between January and March, Vectra saw a surprising increase in detections centered on attackers attempting to manipulate Exchange, either to gain access to specific data or to progress an attack further. According to the data, more than 70% of Vectra’s customers triggered this detection in a given week.

Over 60% of Vectra’s customers also triggered weekly detection of anomalous Azure AD operations. This means that a cyber attacker could elevate privileges and perform administrator-level operations after regular account hijacking. O365 accounts that download an unusual number of objects were also at the top of the list of detections caught weekly, followed by other O365 issues related to suspicious sharing activity and external team access.

Other detections Vectra commonly saw include administrator privileges being assigned to redundant accounts, and suspicious email forwarding.
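As an added illustration (not code from the Vectra report, from Vectra’s product, or from Microsoft), the following Python script runs three of the detections named above over a handful of constructed Office 365 Unified Audit Log records: an inbox rule or mailbox setting that forwards mail to an external domain, an Azure AD directory-role assignment, and an unusually high FileDownloaded count for one user. The field names follow the general shape of Office 365 audit exports (Workload, Operation, UserId, Parameters, ModifiedProperties), but the tenant domain, the download threshold, and every record are constructed for this example.

```python
"""Defender-side checks over Office 365 / Azure AD audit records.

Added example, not Vectra's or Microsoft's code. The record layout mirrors
the common fields of Unified Audit Log exports; all sample data, the tenant
domain and the threshold below are constructed assumptions.
"""
import json
from collections import Counter

# Hypothetical tenant: addresses outside these domains count as external.
INTERNAL_DOMAINS = {"contoso.example"}

# Hypothetical fixed threshold; a real deployment would baseline this per user.
DOWNLOAD_THRESHOLD = 100

# Exchange operations that can redirect mail, and the parameters carrying the target.
FORWARDING_OPERATIONS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
FORWARDING_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo", "ForwardingSmtpAddress"}

# Azure AD operation recorded when an account is added to a directory role.
ROLE_OPERATIONS = {"Add member to role."}


def is_external(address):
    """True when an SMTP address (optionally prefixed 'smtp:') lies outside INTERNAL_DOMAINS."""
    address = address.lower().split(":")[-1]
    domain = address.rsplit("@", 1)[-1]
    return domain not in INTERNAL_DOMAINS


def check_forwarding(record):
    """Flag rules or mailbox settings that forward/redirect mail to an external address."""
    if record.get("Workload") != "Exchange" or record.get("Operation") not in FORWARDING_OPERATIONS:
        return None
    for p in record.get("Parameters", []):
        value = p.get("Value")
        if p.get("Name") in FORWARDING_PARAMS and value and is_external(value):
            return {"type": "suspicious_email_forwarding", "user": record["UserId"], "target": value}
    return None


def check_role_assignment(record):
    """Flag directory-role membership changes (administrator privilege assignment)."""
    if record.get("Workload") != "AzureActiveDirectory" or record.get("Operation") not in ROLE_OPERATIONS:
        return None
    # Role.DisplayName carries the role name; UAL encodes NewValue as a JSON string literal.
    role = next((mp.get("NewValue", "").strip('"') for mp in record.get("ModifiedProperties", [])
                 if mp.get("Name") == "Role.DisplayName"), "unknown")
    return {"type": "admin_role_assigned", "actor": record["UserId"],
            "target": record.get("ObjectId"), "role": role}


def check_download_volume(records, threshold=DOWNLOAD_THRESHOLD):
    """Flag users whose FileDownloaded count in the batch reaches the threshold."""
    counts = Counter(r["UserId"] for r in records
                     if r.get("Workload") in ("SharePoint", "OneDrive")
                     and r.get("Operation") == "FileDownloaded")
    return [{"type": "unusual_download_volume", "user": user, "count": n}
            for user, n in sorted(counts.items()) if n >= threshold]


def analyze(log_text):
    """Parse newline-delimited JSON audit records and return all findings in order."""
    records = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    findings = []
    for record in records:
        for check in (check_forwarding, check_role_assignment):
            finding = check(record)
            if finding:
                findings.append(finding)
    findings.extend(check_download_volume(records))
    return findings


def _rec(workload, operation, user, **extra):
    """Build one constructed audit record (used only for the sample data)."""
    rec = {"Workload": workload, "Operation": operation, "UserId": user}
    rec.update(extra)
    return rec


# Constructed sample log: one benign rule, one external forward, one role change,
# normal download activity for Bob and bulk download activity for Carol.
SAMPLE_RECORDS = [
    _rec("Exchange", "New-InboxRule", "alice@contoso.example",
         Parameters=[{"Name": "Name", "Value": "team copy"},
                     {"Name": "ForwardTo", "Value": "bob@contoso.example"}]),
    _rec("Exchange", "Set-Mailbox", "alice@contoso.example",
         Parameters=[{"Name": "Identity", "Value": "alice"},
                     {"Name": "ForwardingSmtpAddress", "Value": "smtp:collector@external.example"}]),
    _rec("AzureActiveDirectory", "Add member to role.", "admin@contoso.example",
         ObjectId="svc-backup@contoso.example",
         ModifiedProperties=[{"Name": "Role.DisplayName", "NewValue": "\"Global Administrator\""}]),
]
SAMPLE_RECORDS += [_rec("SharePoint", "FileDownloaded", "bob@contoso.example") for _ in range(3)]
SAMPLE_RECORDS += [_rec("OneDrive", "FileDownloaded", "carol@contoso.example") for _ in range(120)]
SAMPLE_LOG = "\n".join(json.dumps(r) for r in SAMPLE_RECORDS)

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Run against the constructed log, the script returns three findings (the external forward, the Global Administrator assignment, and Carol’s 120 downloads) and ignores the internal forwarding rule and Bob’s ordinary activity. In a real tenant the records would come from Search-UnifiedAuditLog or the Office 365 Management Activity API, and the download threshold should be a per-user baseline rather than a fixed number, since the legitimate file-sharing volume the report describes varies widely between users.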

The research notes that many of the features involved are legitimately used to share and access files with other users in the enterprise, all the more so now that employees work from home and share files digitally, which makes misuse of them difficult to defend against.

There were some differences in the detection trends seen in SMEs and large companies. Smaller organizations dealt with more O365 risky Exchange operations, Azure AD suspicious operations, and O365 suspicious download activity, while larger entities faced more O365 suspicious Power Automate flow creation detections, as well as more suspicious email forwarding and external Teams activity in O365.

Overall, large enterprises generally trigger fewer detections, and Vectra researchers say that users and administrators in large enterprises “perform more consistent Office 365 and Azure AD activities compared to smaller organizations.”

However, the report said large companies had to face more Office 365 DLL hijacking, Office 365 anomalous script engine attacks, and Office 365 suspicious eDiscovery exfiltration.

The report also includes a detailed breakdown of how the SolarWinds backdoor was used by attackers.

[Figure: Supply Chain Attack path diagram (image not included)]

Cybersecurity experts attribute much of the report’s findings to the major shift to remote work in 2020 brought on by the pandemic. With over 250 million active Microsoft Office 365 users, AppOmni CEO Brendan O’Connor said the pandemic revealed how serious the situation is for teams when it comes to cybersecurity.

“When enterprises migrated to virtual and remote employees, organizations needed to quickly migrate business applications and data to the cloud. IT staff could no longer get the benefits of even the slightest amount of network segmentation provided by traditional office networks,” he said.

“Traditional security measures have been completely eliminated, and IT staff have had a hard time implementing the measures needed to secure data in the cloud. The rapid adoption of SaaS revealed not only a common lack of cybersecurity expertise, but also a lack of the SaaS expertise needed to make effective use of built-in security measures.”
