Understanding Cloud Security Threats and Protections

Attackers frequently seek to gain a foothold within the identity infrastructure of an organization by accessing valid account credentials. To acquire these credentials, attackers might use password spray attacks (a technique where a list of common passwords is used to attempt to sign in to many different accounts in a network). Microsoft researchers have observed a variety of innovative password spray techniques, including the use of automated tools and the snowshoeing technique.

Microsoft observed attackers, after successfully compromising credentials, moving on to follow-on activity such as multifactor authentication (MFA) fatigue attacks to bypass secondary authentication methods. Once they bypass MFA, attackers tamper with the MFA settings to persist in the environment. Attackers then also use the compromised identities to launch additional attacks, including business email compromise.

Microsoft 365 Defender detects password spray attacks and MFA attacks with multiple alerts. Defenders can search for suspicious sign-in attempts and for MFA bypass and tampering activity with the hunting queries provided in the advanced hunting section. Organizations can also review anomaly detection policies in Microsoft Defender for Cloud Apps for related risky behavior such as atypical travel, password spray, unfamiliar sign-in properties, and others.
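
The following added example (not one of Microsoft's hunting queries and not part of the original page) shows the counting logic behind a password spray detection: many distinct accounts failing from one source within a short window, with only a few attempts per account. The record layout, thresholds and function names are assumptions, and the sign-in records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _t(hhmm):
    return datetime.fromisoformat(f"2024-01-15T{hhmm}:00")

# Constructed records: (time, source_ip, account, succeeded).
# Addresses come from the documentation ranges; none of this is real telemetry.
EVENTS = (
    # One source, eight accounts, one failed attempt each: the spray pattern.
    [(_t(f"09:{i:02d}"), "203.0.113.7", f"user{i}@example.com", False) for i in range(8)]
    # A later attempt from the same source succeeds for one sprayed account.
    + [(_t("09:09"), "203.0.113.7", "user3@example.com", True)]
    # One user retrying a forgotten password: many failures, single account.
    + [(_t(f"10:{i:02d}"), "198.51.100.4", "alice@example.com", False) for i in range(8)]
    + [(_t("11:00"), "192.0.2.10", "bob@example.com", True)]
)

def detect_password_spray(events, window=timedelta(minutes=30),
                          min_accounts=5, max_tries_per_account=3):
    """Return {source_ip: set of targeted accounts} for sources that fail
    against many accounts with few tries each (assumed thresholds)."""
    failures = defaultdict(list)
    for ts, src, account, ok in events:
        if not ok:
            failures[src].append((ts, account))
    findings = {}
    for src, rows in failures.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window so it spans at most `window` of time.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            tries = defaultdict(int)
            for _, account in rows[start:end + 1]:
                tries[account] += 1
            if len(tries) >= min_accounts and max(tries.values()) <= max_tries_per_account:
                findings.setdefault(src, set()).update(tries)
    return findings

def accounts_to_review(events, findings):
    """Accounts that signed in successfully from a flagged source; their
    MFA settings are the first thing to check for tampering."""
    return sorted({acct for _, src, acct, ok in events if ok and src in findings})

if __name__ == "__main__":
    flagged = detect_password_spray(EVENTS)
    print(flagged, accounts_to_review(EVENTS, flagged))
```

A spray spread across many source addresses stays under a per-source threshold, so the same counting can be repeated over other shared sign-in properties instead of the source address.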

Microsoft Office 365 Advanced Threat Protection (ATP) is Microsoft’s optional cloud-based service that scans and filters email to protect subscribers from malware in attachments and hyperlinks to malicious websites.

What does ATP stand for in Windows?

Advanced threat protection (ATP) refers to a category of security solutions that defend against sophisticated malware or hacking-based attacks targeting sensitive data. Advanced threat protection solutions can be available as software or as managed

Sven, in the video on this page, Petra Leclaire, Regional Head of Corporate Security CEU & Germany, describes the enormous financial damage that cyber attacks cause. How have attacks evolved over time?

Many companies have strengthened their defence measures against cyber attacks and are constantly developing them. Nevertheless, we are constantly faced with new methods of attack, such as the current supply chain attack. Here, companies are not attacked directly, but rather partners and suppliers with whom a company works are targeted. The partner or supplier is then used as a springboard to attack the actual target.

Phishing, which is still frequently used, is also a well-known attack pattern that is becoming increasingly sophisticated. Emails are sent that contain a link or attachment that you are supposed to click on. As soon as you click on this link or attachment, the attackers can steal passwords or infect a computer. You could say that the person in front of the computer is under direct attack.

In addition to phishing, there is another method called social engineering, or social manipulation, which targets people directly. Hackers also rely on human weaknesses and behaviour. Their aim is to get people to disclose sensitive information or perform certain actions. They build trust, create fear or pose as authority figures.