Microsoft Sentinel: Monitoring Audio/Video Conferencing Software

Posted by Michael Born on May 11, 2020

This blog expands upon SecureSky’s “Top 10 Audio/Video Conferencing Security Best Practices” blog posted on April 8, 2020. If you have not read that blog yet, we encourage you to do so, as it provides recommendations on settings to harden various audio/video conferencing tools that you may use within your organization.

Read More

Attackers Exploit Gap in Office 365 Best Practice Guidelines

Posted by Brian Greidanus on Apr 30, 2020

With a six times increase in COVID-19 themed incidents, security professionals need to take advantage of every possible configuration and security control to protect against this growing amount of attacks.  Today we will discuss how attackers are leveraging a gap in Office 365 best practices that allows undetected eavesdropping on victim’s emails.

When attackers gain control of an account in Office 365, one of the first steps they often take is to configure email forwarding in the compromised environment. Attackers configure email forwarding in order to see new emails that arrive in the victim’s inbox – which can be responses to attacker phishing attempts sent to the victim contacts. In order to disguise their presence, the attacker does not want the victim to see those emails. 

Read More

Microsoft Security Defaults – A Step in the Right Direction, but Customers Should Do More

Posted by Brian Greidanus on Apr 21, 2020

We understand that managing security for Office 365 can be difficult and complex. As we continue to see common identity-related attacks against authentication like password spray, replay, phishing and malware-based increasing into today’s uncertain world it's imperative that we understand Microsoft’s “Security Defaults”.   

Read More

The Cloud Balancing Act: Improving Business Outcomes without Degrading Your Security Posture

Posted by Corey Meyer on Feb 24, 2020

Who knew that way back in 1964 Bob Dylan would predict the challenges we’re facing with the cloud in 2020. Times they are a-changin’. We’re in the midst of an evolution in IT, led by the rapid adoption of cloud computing, which promises to produce better business outcomes. While most of us have our security posture top-of-mind in the face of these changes, it’s easy to become complacent, think that we have it covered and rely a little too heavily on the out-of-the-box security offered by our cloud providers. In Dylan’s prophetic words, “It’s time to start swimming or sink like a stone.”

Read More

Dudear or Not Dudear – Analyzing A Recent Phishing Attempt

Posted by Michael Born on Feb 6, 2020

Following the Tweet from the Microsoft Security Intelligence account January 30, 2020 (https://twitter.com/MsftSecIntel/status/1222995250911703041?s=20), we at SecureSky were a little curious whether we had come across any evidence that phishing attempts against our own organization or our clients were part of this recently revived campaign. Not that we really need a reason to do this kind of research but given this announcement, we decided to put some time into this.

Read More

CIS Microsoft 365 Benchmark v1.1 Released

Posted by Brandon Cox on Jan 15, 2020

I am pleased to have participated in and been named a co-editor of the most recent release (version 1.1) of the Center for Internet Security Microsoft 365 Foundations Benchmark. Sharing SecureSky’s extensive O365 incident response experience and security controls recommendations to give back to the O365 security community was a great opportunity.

Read More

SecureSky’s Top 5 2020 Cloud Security Predictions

Posted by Corey Meyer on Dec 18, 2019

Cloud Computing Adoption Will Accelerate

We’re not going out on a limb in predicting cloud services will continue to grow. The information technology world is experiencing a tectonic shift, led by the rapid adoption of cloud computing. *Gartner predicts that the market size of the cloud services industry will grow three times faster than overall IT services growth, reaching $331.2 billion by 2022, with SaaS applications accounting for $143.7 billion, or 43% of this market.

Read More

Detecting BEC Attacks and Compromise - Part 5

Posted by Gary Napotnik on Nov 22, 2019

1.0 Introduction

Welcome back to SecureSky’s series on Business Email Compromise (BEC) Attack and Detection!

In Part 1 of this blog series, we introduced BEC attacks, and discussed why BEC attacks are increasing. In Part 2, we used recent BEC investigations to discuss how BEC attacks work against O365 environments. In Part 3, we discussed key Office 365 (O365) configuration settings that organizations can implement to protect against BEC attacks. In Part 4, we discussed key logging and auditing capabilities in O365 that can help organizations detect BEC attacks against their environment.

Read More

Configuration of Office 365 to Detect BEC Attacks - Part 4

Posted by Gary Napotnik on Sep 25, 2019

1.0 Introduction

In Part 1 of this blog series, we introduced Business E-mail Compromise (BEC) attacks, and discussed why BEC attacks are increasing. In Part 2, we used recent BEC investigations to discuss how BEC attacks work against O365 environments. In Part 3, we discussed key Office 365 (O365) configuration settings that organizations can implement to protect against BEC attacks. Here in Part 4, we will discuss the logging and auditing capabilities in O365 that can help organizations detect BEC attacks against their environment.

Read More

Configuration of Office 365 to Protect Against BEC Attacks - Part 3

Posted by Gary Napotnik on Sep 4, 2019

In Part 1 of this blog series, we introduced Business E-mail Compromise (BEC) attacks, and discussed why BEC attacks are increasing. In Part 2, we used recent BEC investigations to discuss how BEC attacks work against O365 environments. In this third entry, we will discuss a number of key Office 365 configuration settings that organizations can implement to protect against BEC attacks. 

Read More