Local Technology


Identity Protection for Microsoft 365

Did you know that email is the starting point for 91% of cyberattacks? [1]

Understanding The Threat of BEC

BEC (Business Email Compromise) is one term that demands attention in cybersecurity. In this cybercrime, scammers or threat actors adopt the digital identity of a trusted persona to manipulate employees or customers into taking actions that serve the threat actor’s agenda.

These actions could range from unauthorised payments and purchases to sharing sensitive data or disclosing confidential information.

BEC attacks are cunning, relying on social engineering techniques, exploiting weak authentication credentials, or capitalising on users’ inclination to approve Multi-Factor Authentication (MFA) prompts. Unfortunately, these attacks often go unnoticed and slip past traditional security tools and spam filters.

Ask Yourself

  • What happens if a user is phished and attackers gain access to their email account?
  • The user provides login details on a fake website and approves the MFA prompt without realising it. Attackers now have access to the company’s shared files and the user’s mailbox.
  • Is a user’s mailbox leaking sensitive data through mailbox rules that forward emails without anybody noticing?

How Can We Help Protect Your Business?

Having seen this first-hand and understanding the gravity of this threat, we offer a Managed Detection and Response (MDR) solution as part of our robust security services. It adds a layer of protection against BEC threats to your Microsoft 365 cloud identities and applications.

Suspicious logins
User login credentials are compromised, or the user has approved a malicious MFA prompt.

Shadow Workflows
We look for dodgy inbox rules, watching for unexpected email redirects, in addition to historical rules already in place.

Rogue Microsoft 365 Apps
Malicious applications are installed, or legitimate applications are weaponised, to exfiltrate data and establish persistence.

Session Hijacking
We look for specific behaviour associated with stealing login tokens, which can bypass Multi-Factor Authentication.

Why Choose Our Solution?

By detecting and responding to suspicious user activity, permission changes, unusual mailbox rules and anomalous access behaviour, and backed by a 24/7 SOC (Security Operations Center) team, our solution empowers us to fight back against attackers on your behalf.

By taking a proactive stance, we minimise the risk of your business falling victim to BEC incidents.


Some Common Threats We Look For

Suspicious logins are identified using techniques such as impossible travel detection and recognition of anomalous behaviour, including unexpected VPN usage, to protect user accounts and improve resilience against potential threats.

Shadow workflows take genuine emails, often containing payment information, credentials, or similar data, and relocate them to a concealed section of the user’s mailbox. By obfuscating emails or forwarding them to an external mailbox controlled by the attacker, all traces of the emails entering or leaving are erased. This attack is typically carried out using Microsoft’s built-in capabilities for automating email processing in the mailbox, and users are rarely aware that it’s occurring.
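The sketch below is an added example, not the detection logic of the service described here: it scans inbox-rule audit records for the two behaviours this paragraph names, forwarding to an external address and moving mail into a rarely viewed folder. The records are constructed, and their shape (Operation, UserId, Parameters as Name/Value pairs), the tenant domain and the folder list are assumptions to check against your own audit export.

```python
import json

INTERNAL_DOMAINS = {"contoso.example"}   # assumption: the tenant's accepted domains
QUIET_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                 "junk email", "deleted items", "archive"}
FORWARD_PARAMS = ("ForwardAsAttachmentTo", "ForwardTo", "RedirectTo")

# Constructed audit records (not real data), one JSON object per entry.
SAMPLE_LOG = [
    '{"CreationTime":"2025-03-01T02:14:09","UserId":"alice@contoso.example",'
    '"Operation":"New-InboxRule","Parameters":[{"Name":"Name","Value":"."},'
    '{"Name":"SubjectContainsWords","Value":"invoice;payment"},'
    '{"Name":"MoveToFolder","Value":"RSS Feeds"},{"Name":"MarkAsRead","Value":"True"}]}',
    '{"CreationTime":"2025-03-01T02:20:41","UserId":"bob@contoso.example",'
    '"Operation":"New-InboxRule","Parameters":[{"Name":"Name","Value":"sync"},'
    '{"Name":"ForwardTo","Value":"bob.backup@mailbox.example"}]}',
    '{"CreationTime":"2025-03-01T09:05:00","UserId":"carol@contoso.example",'
    '"Operation":"New-InboxRule","Parameters":[{"Name":"Name","Value":"Newsletters"},'
    '{"Name":"MoveToFolder","Value":"Newsletters"}]}',
    '{"CreationTime":"2025-03-01T09:30:12","UserId":"dave@contoso.example",'
    '"Operation":"Set-InboxRule","Parameters":[{"Name":"ForwardTo",'
    '"Value":"pa@contoso.example"}]}',
]

def flag_rule(record):
    """Return reasons an inbox-rule audit record looks like a hidden workflow."""
    if record.get("Operation") not in ("New-InboxRule", "Set-InboxRule"):
        return []
    params = {p["Name"]: p["Value"] for p in record.get("Parameters", [])}
    reasons = []
    for name in FORWARD_PARAMS:
        for addr in filter(None, params.get(name, "").split(";")):
            _, at, domain = addr.strip().rpartition("@")
            if at and domain.lower() not in INTERNAL_DOMAINS:
                reasons.append(f"external {name}: {addr.strip()}")
    if params.get("MoveToFolder", "").lower() in QUIET_FOLDERS:
        reasons.append(f"moves mail to {params['MoveToFolder']}")
    if params.get("DeleteMessage", "").lower() == "true":
        reasons.append("deletes matching mail")
    return reasons

def scan(lines):
    """Map (user, time) to the reasons for every flagged record."""
    hits = {}
    for rec in map(json.loads, lines):
        reasons = flag_rule(rec)
        if reasons:
            hits[(rec["UserId"], rec["CreationTime"])] = reasons
    return hits
```

Running the same check over rules that already exist in each mailbox, not only newly logged changes, covers the historical rules mentioned earlier on this page.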

If someone unauthorised gains access to a Microsoft 365 system, they often try to stay unnoticed by creating a low-profile account for continued access. This allows them to maintain control even if the initial access account’s password is changed. The next step involves trying to upgrade that account to a Global Admin with extensive powers, giving them control over various aspects and the ability to cover their tracks.

How it works

The Microsoft 365 integration continuously captures and logs specific user actions, including policy changes, login events, mail flow manipulation, and more.

Security Operations Center (SOC) analysts and detection engineers utilise detection logic to quickly review collected data and identify suspicious behaviours. The analysts then sift through the collected data to confirm if activities are malicious, eliminating noise and false positives.

Once a threat is identified, the team takes the steps needed to remediate it. If additional work is required, we will coordinate with you.

[1] Source: “Protecting against coronavirus themed phishing attacks”. Microsoft Security blog. March 20, 2020.

Copyright © 2025 Illuminate Aotearoa Limited T/A Local Technology