Defending Against Rules and Forms Injection

Over the last year, Office 365 security has been tracking an emergent attacker persistence mechanism in the Exchange Online ecosystem. The release of a security research tool called Ruler enables an attacker to install a persistence mechanism once an account has been breached to maintain access even through a password roll. While we haven’t seen…

0

Defending Against Illicit Consent Grants

Problem Overview Office 365 Security has been tracking an emergent threat to customer data in the Office 365 cloud over the last year. This blog post is intended to help IT Administrators of Office 365 organizations detect, monitor, and remediate this threat. In its simplest form, the attack consists of an adversary creating an Azure…

0

Mitigating Client External Forwarding Rules with Secure Score

Client created rules, that Auto-Forward email from users mailboxes to an external email address, are becoming an increasingly common and fruitful data exfiltration method being used by bad actors today and something we see quite a lot of in the Office 365 Service. There are a lot of legitimate reasons for using rules that externally Auto-Forward email,…

2

DNS Intrusion Detection in Office 365

In Office 365, we are committed to protecting our customer’s data. We implement and exercise industry leading security practices to ensure that customer’s data is safe. Intrusion detection is one such security practice which ensures that we are notified about any anomalous activity or behavior on our servers or in our network. We monitor and…

2

Finding Illicit Activity The Old Fashioned Way

Finding bad guys doing bad things in your cloud services is a hard thing to do under even the best circumstances. There are a ton of idiosyncrasies at play, including the capabilities of the cloud applications you are using and the very unique nature of your users and the data you are storing in the…


Addressing Your CxO’s Top Five Cloud Security Concerns

 Overview and the Kill Chain Customers frequently ask us how they can defend their Office365 tenancy. While the motivations and capabilities of attackers vary widely, most attacks still follow a common process. The security industry refers to it as the attacker kill chain; a concept borrowed from military doctrine and adapted for this realm. The…

0