You cannot open a news site or turn on the television today without rightfully hearing about the coronavirus. While governments and medical systems scramble to respond and contain the virus, it is not clear if the virus will reach epidemic or pandemic levels, how quickly treatment options will become available or how the virus will affect the health and related productivity of large portions of the global population.
Read More
Who knew that way back in 1964 Bob Dylan would predict the challenges we’re facing with the cloud in 2020. Times they are a-changin’. We’re in the midst of an evolution in IT, led by the rapid adoption of cloud computing, which promises to produce better business outcomes. While most of us have our security posture top-of-mind in the face of these changes, it’s easy to become complacent, think that we have it covered and rely a little too heavily on the out-of-the-box security offered by our cloud providers. In Dylan’s prophetic words, “It’s time to start swimming or sink like a stone.”
Read More
Following the Tweet from the Microsoft Security Intelligence account January 30, 2020 (https://twitter.com/MsftSecIntel/status/1222995250911703041?s=20), we at SecureSky were a little curious whether we had come across any evidence that phishing attempts against our own organization or our clients were part of this recently revived campaign. Not that we really need a reason to do this kind of research but given this announcement, we decided to put some time into this.
Read More
I am pleased to have participated in and been named a co-editor of the most recent release (version 1.1) of the Center for Internet Security Microsoft 365 Foundations Benchmark. Sharing SecureSky’s extensive O365 incident response experience and security controls recommendations to give back to the O365 security community was a great opportunity.
Read More
Cloud Computing Adoption Will Accelerate
We’re not going out on a limb in predicting cloud services will continue to grow. The information technology world is experiencing a tectonic shift, led by the rapid adoption of cloud computing. *Gartner predicts that the market size of the cloud services industry will grow three times faster than overall IT services growth, reaching $331.2 billion by 2022, with SaaS applications accounting for $143.7 billion, or 43% of this market.
Read More
In Part 1 of this blog series, we introduced BEC attacks, and discussed why BEC attacks are increasing. In Part 2, we used recent BEC investigations to discuss how BEC attacks work against O365 environments. In Part 3, we discussed key Office 365 (O365) configuration settings that organizations can implement to protect against BEC attacks. In Part 4, we discussed key logging and auditing capabilities in O365 that can help organizations detect BEC attacks against their environment.
Read More
Setting up infrastructure in Azure can, at times, seem quite daunting with all of the available options one can configure within each service. In this blog, we will give you some tips for applying traditional security best practices into your Azure environment using Application Security Groups to help make managing network security groups less cumbersome.
Read More
1.0 Introduction
In Part 1 of this blog series, we introduced Business E-mail Compromise (BEC) attacks, and discussed why BEC attacks are increasing. In Part 2, we used recent BEC investigations to discuss how BEC attacks work against O365 environments. In Part 3, we discussed key Office 365 (O365) configuration settings that organizations can implement to protect against BEC attacks. Here in Part 4, we will discuss the logging and auditing capabilities in O365 that can help organizations detect BEC attacks against their environment.
Read More
In Part 1 of this blog series, we introduced Business E-mail Compromise (BEC) attacks, and discussed why BEC attacks are increasing. In Part 2, we used recent BEC investigations to discuss how BEC attacks work against O365 environments. In this third entry, we will discuss a number of key Office 365 configuration settings that organizations can implement to protect against BEC attacks.
Read More
Business e-mail compromise (BEC) is a class of cyber-crime that is growing rapidly. Over the past five years, BEC attacks have resulted in billions of dollars in losses from companies of all sizes across numerous industries.
This post is Part 2 of SecureSky’s multi-part blog series about BEC. In Part 1, we provided an introduction to BEC and discussed why this cyber security threat is increasing. In this post, we’ll take you through a recent SecureSky BEC investigation and explore an example of how BEC is executed against O365 environments.
Read More
