<img src="https://ws.zoominfo.com/pixel/JV60JGR5LG4sEWlH3Xte" width="1" height="1" style="display: none;">

Why Ransomware and BEC Attacks Are So Successful

Posted by Chris Currin on Aug 24, 2021

In 2021, ransomware remains an extremely impactful threat, with an estimated attack occurring every 11 seconds. Not only is the frequency of ransomware increasing, but it is reported the average ransom fee has increased from $5,000 in 2018 to $200,000 today, with several recent payouts crossing the $10M mark. With all of the recent spotlight on growing ransomware attack volumes and damages arising from phishing, business email compromise and account takeovers, you would certainly want to believe the cybersecurity industry would be focused on increasing security controls and detection policies to prevent such attacks.

From 2020 to 2021, SecureSky’s Global Threat Intelligence Center found among all clients that while some strides were made, unfortunately, it is still way too easy to infiltrate an organization’s email system.

Read More

Foundational Security Controls for Microsoft Teams

Posted by Wacey Lanier on Apr 26, 2021

Work-from-home requirements over the past year forced many organizations to rapidly increase adoption of video and collaboration applications like Microsoft Teams and Zoom without thorough security reviews and risk assessments. This large-scale increase in demand also surprised the providers, as numerous security and operational maturity issues arose as usage and attacks skyrocketed. Also, many organizations are employing these solutions in "new usage areas" such as medicine and education, that require specific access control, confidentiality, and financial management conditions.

Read More

Investigating User Account Compromises in Office 365

Posted by Brian Greidanus on Sep 1, 2020

Unfortunately, almost every organization at some point will have to manage a situation where a user’s account has been compromised. In this blog post, we present O365 native tools and techniques that organizations can utilize.

Read More

Implementing Foundational Security Controls for Every Office 365 Environment

Posted by Brian Greidanus on Aug 4, 2020

In our previous post, we provided an overview of each of the 12 Foundational Security Controls that should be implemented for every Office 365 environment to deter business email compromise (BEC), account takeover (ATO) attacks, and unauthorized data access.

Read More

Foundational Security Controls for Every Office 365 Environment

Posted by Brian Greidanus on Jun 10, 2020

As many organizations continue to adjust to an extended and potentially permanent remote workforce, dependency on cloud services has increased rapidly – as Microsoft CEO Satya Nadella stated in a recent earnings release – “We’ve seen two years worth of digital transformation in two months. The following post is intended to help organizations that may have recently begun using or have increased their usage of Office 365. 

Please note Microsoft continues to evolve their platform and these recommendations are current as of this posting.

Read More

Attackers Exploit Gap in Office 365 Best Practice Guidelines

Posted by Brian Greidanus on Apr 30, 2020

July 28, 2020 Update: Due to the complexities documented in this blog post, Microsoft is rolling out changes to e-mail forwarding configuration in Office 365. SecureSky is testing the changes that are documented at the following Microsoft URL, and will update this blog post after completion of testing to address these changes: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/external-email-forwarding?view=o365-worldwide.

With a six times increase in COVID-19 themed incidents, security professionals need to take advantage of every possible configuration and security control to protect against this growing amount of attacks.  Today we will discuss how attackers are leveraging a gap in Office 365 best practices that allows undetected eavesdropping on victim’s emails.

When attackers gain control of an account in Office 365, one of the first steps they often take is to configure email forwarding in the compromised environment. Attackers configure email forwarding in order to see new emails that arrive in the victim’s inbox – which can be responses to attacker phishing attempts sent to the victim contacts. In order to disguise their presence, the attacker does not want the victim to see those emails. 

Read More

Microsoft Security Defaults – A Step in the Right Direction, but Customers Should Do More

Posted by Brian Greidanus on Apr 21, 2020

We understand that managing security for Office 365 can be difficult and complex. As we continue to see common identity-related attacks against authentication like password spray, replay, phishing and malware-based increasing into today’s uncertain world it's imperative that we understand Microsoft’s “Security Defaults”.   

Read More