Services
Identity Protection for Microsoft 365
Did you know that email is the starting point for 91% of cyberattacks?*
BEC (Business Email Compromise) is one term that demands attention in cybersecurity. This cybercrime involves scammers/threat actors adopting the digital identity of a trusted persona, to manipulate employees or customers into taking actions that serve the threat actor’s agenda.
These actions could range from unauthorised payments and purchases to sharing sensitive data or disclosing confidential information.
BEC attacks are cunning, relying on social engineering techniques, exploiting weak authentication credentials, or capitalising on users’ inclination to approve Multi-Factor Authentication (MFA) prompts. Unfortunately, these attacks often go unnoticed and slip past traditional security tools and spam filters.
How Can We Help Protect Your Business?
Having seen this first-hand and understanding the gravity of this threat, we offer a Managed Detection and Response (MDR) solution as part of our robust security services. Adding a layer of protection to your Microsoft 365 cloud identities and applications, against BEC threats.
Suspicious logins
User login credentials are comprised or the user has approved a malicious MFA prompt.
Shadow Workflows
We look for dodgy inbox rules, watching for unexpected email redirects, in addition to historical rules already in place.
Rogue Microsoft 365 Apps
Malicious application installs or weaponising legitimate applications to exfiltrate data and establish persistence
Session Hijacking
We look for specific behaviour associated with stealing login tokens, which can bypass Multi-Factor Authentication.
Why Choose Our Solution?
By detecting and responding to suspicious user activity, permission changes, unusual mailbox rules and anomalous access behaviour, and backed by a 24/7 SOC (Security Operations Center) team, our solution empowers us to fight back against attackers on your behalf.
By taking a proactive stance, we minimise the risk of your business falling victim to BEC incidents.
Some Common Threats We Look For
Suspicious Logins
Identifying suspicious logins involves deploying sophisticated security measures, incorporating techniques such as impossible travel detection and recognising anomalous behaviours, including instances of unexpected VPN usage.
To fortify the overall protection of user accounts and enhance resilience against potential threats.
Suspicious Inbox Rules
This attack strategy involves taking genuine emails, often containing payment information, credentials, or similar data, and relocating them to a concealed section of the user’s mailbox.
By obfuscating emails or forwarding them to an external mailbox controlled by the attacker, all traces of the emails entering or leaving are erased.
This attack is typically carried out using Microsoft’s built-in capabilities for automating email processing in the mailbox, and users are rarely aware that it’s occurring.
Privilege Escalations
If someone unauthorised gains access to a Microsoft 365 system, they often try to stay unnoticed by creating a low-profile account for continued access.
This allows them to maintain control, even if the initial access account’s password is changed.
The next step involves trying to upgrade that account to a global Admin with extensive powers, giving them control over various aspects and the ability to cover their tracks.
Better Security for Your Business
Your business needs professional tools that work when you need them. Microsoft 365 done right means your team stays productive without technical headaches.
* Source: “Protecting against coronavirus themed phishing attacks”. Microsoft Security blog. March 20, 2020.
