Two-factor authentication (2FA) is now relied upon by almost a third of businesses. It requires a user to present more than one method of identification when logging into an account. This prevents cyber-criminals from simply using password credentials to hack a system; instead, extra security layers, such as biometrics (inherence), personal information (knowledge), or a code sent to your phone or email (possession), are required to gain access to an account. But what happens when the 2FA process itself has been compromised?

Darktrace recently observed this exact scenario when a Microsoft 365 account was hijacked and the attacker temporarily changed the authentication settings so that the SMS codes were sent to their phone. The attack attempted to blend into the user activity and remain undetected. However, Darktrace was able to identify the account compromise from subtle anomalies in the user’s behavior, including suspicious logins, unusual email rule creations, and file deletions.

There has been a sharp increase in these SaaS-based attacks, which comes as no surprise as companies increasingly rely on SaaS platforms to conduct their remote business. Microsoft 365 is now used regularly across organizations for email, user management, file storage and sharing. This phenomenon has widened the attack surface and provides great opportunities for cyber-criminals.

SaaS platforms are often siloed, and security teams tend to lack visibility over them and struggle to correlate events across these multiple platforms.

Darktrace Cyber AI protects the entire SaaS environment, providing full coverage over Microsoft 365 and Azure platforms. In this case, the customer was using the Microsoft 365 module. Despite the attack bypassing all other security tools, it was identified by Darktrace’s Microsoft 365 connector and investigated by Cyber AI Analyst – the world’s first AI investigation technology, which automatically triages, interprets, and reports on the full scope of security incidents.