As Microsoft teams head into the holidays this was quite the week for security news from the preview of Microsoft Threat Protection preview to a couple major stories around new threats impacting organizations.
Every day, attackers compromise endpoints, identities, and email to infiltrate and quickly expand their foothold in an organization. Customers need protection across these attack vectors to defend against evolving threats. Microsoft Threat Protection is an integrated solution that’s built on our best-in-class Microsoft 365 security suite: Microsoft Defender Advanced Threat Protection (ATP) for endpoints, Office 365 ATP for email and collaboration tools, Azure ATP for identity-based threats, and Microsoft Cloud App Security (MCAS) for SaaS applications.
There are 79 million businesses worldwide who meet the “small or medium business” (SMB) definition of having 300 or fewer employees, and those businesses represent 95 percent of all the companies on earth—which amounts to a staggering 63 percent of the world’s workforce. As gigantic as those figures might be, they’re belied by other numbers that cast a shadow across worldwide employment: Last year, 55 percent of SMBs weathered cyberattacks, 52 percent of these breaches were caused by human error, and, in a quarter of these cases, sensitive customer data was breached. The average cyberattack will cost an SMB U.S. $190,000 and, after a ransomware attack, only one-third of SMBs can remain profitable.
This operations reference guide describes the checks and actions you should take to secure and maintain the following areas: Identity and access management;
Authentication management; Governance; Operations
Phishers have been quietly retaliating, evolving their techniques to try and evade these protections. In 2019, we saw phishing attacks reach new levels of creativity and sophistication. Notably, these techniques involve the abuse of legitimate cloud services like those offered by Microsoft, Google, Amazon, and others. At Microsoft, we have aggressive processes to identify and take down nefarious uses of our services without affecting legitimate applications.
Microsoft Threat Intelligence Center (MSTIC) is raising awareness of the ongoing activity by a group we call GALLIUM, targeting telecommunication providers. When Microsoft customers have been targeted by this activity, we notified them directly with the relevant information they need to protect themselves. By sharing the detailed methodology and indicators related to GALLIUM activity, we’re encouraging the security community to implement active defenses to secure the broader ecosystem from these attacks.
Many of today’s threats evolve to incorporate as many living-off-the-land techniques as possible into the attack chain. The PowerShell-based downloader Trojan known as sLoad, however, puts all its bets on BITS.
Most network and security systems support either Syslog or CEF (which stands for Common Event Format) over Syslog as means for sending data to a SIEM. This makes Syslog or CEF the most straight forward ways to stream security and networking events to Azure Sentinel.
We’ve known for some time now that passwords are failing as a security mechanism. Passwords are expensive to manage and users struggle to remember them. Passwordless authentication solutions promise better security and convenience, but you may wonder how to start and when you will realize the benefits.
I’m excited to announce that Azure AD authentication to Windows Virtual Machines (VMs) in Azure is now available in public preview—giving you the ability to manage and control who can access a VM.
**pictures courtesy of microsoft.com