![]() The company tried its best to resolve the attack in the first month, but then needed to call in an incident-response vendor to help. They then searched the mailboxes for confidential emails that contained intellectual property in certain markets. The attackers were not coordinating the attack together, the main attacker used a password-spraying attack to get the credentials of the Office 365 admin. When DART was in the process of removing the attacker on the system, that was when it discovered the other 5 intruders within the network. Microsoft says that almost 99.9% of compromised accounts do not use MFA, and only 11% of enterprise accounts use MFA. One thing to note, this attack could have been prevented if a multi-factor authentication (MFA) was in place. This attack persisted for 243 days, this was when DART was called in to help the customer. In the first report that they gave, there was details of an advanced persistent threat (APT) that was able to steal administrator credentials to steal sensitive data. One particular customer story just shows how some organizations are still lax when it comes to security as they had 6 different groups hacking their network in the same time period. ![]() Microsoft’s Detection and Response Team (DART), in an effort to encourage the use of better security practices, is planning on sharing its experiences wit customers to let others know the methods of hackers. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |