Mitigating Client External Forwarding Rules with Secure Score

Client created rules, that Auto-Forward email from users mailboxes to an external email address, are becoming an increasingly common and fruitful data exfiltration method being used by bad actors today and something we see quite a lot of in the Office 365 Service. There are a lot of legitimate reasons for using rules that externally Auto-Forward email,…

2

Hidden Treasure: Intrusion Detection with ETW (Part 2)

In our last post, we discussed how Event Tracing for Windows (ETW) provides a wealth of knowledge in addition to what’s available from the Windows Security Event Log. While we can gain increased insight into Windows activity, ETW was originally meant as a high-volume debug trace. Without some mechanism for filtering or reducing event volume,…


Hidden Treasure: Intrusion Detection with ETW (Part 1)

Today’s defenders face an increasing obstacle with information asymmetry. With the advent of in-memory attacks and targeted malware, defenders cannot simply rely on the default event logs provided by Windows. Attackers may make use of process hollowing to hide their code within a seemingly benign process as well as routing their Command & Control traffic…


Using the Office 365 Secure Score API

The Office 365 Security Engineering team is pleased to announce the availability of the Office 365 Secure Score API. This API is fully integrated into the Microsoft Graph. If you are wondering what the Office 365 Secure Score is, get the low down here, or visit the experience here: https://securescore.office.com. Why Collect Secure Score Data?…

0

New Security Analytics Service: Finding and Fixing Risk in Office 365

Microsoft is pleased to announce the preview availability of a new security analytics service called the Office 365 Secure Score. The Secure Score is a security analytics tool that will help you understand what you have done to reduce the risk to your data in Office 365, and show you what you can do to…


How to Deal with Ransomware

What is Ransomware? Ransomware is a type of malware or virus that prevents user access to devices, files or applications, requiring the victim to pay a ransom (money or information) to regain access. The ransomware that we most often see encrypts the user’s files (for example: Crowti, Tescrypt and Locky) and then asks the user…

6

How to review and mitigate the impact of phishing attacks in Office 365

As we mentioned in our one of our previous posts, many of the security support escalations we receive start with somebody falling victim to a phishing attack. In this blog post we would like to share how you (Office 365 Admins) can review and mitigate phishing attacks targeting your Office 365 tenant. Step 1: What…

2

How to fix a compromised (hacked) Microsoft Office 365 account

One of the most common security support requests we receive from our Office 365 customers is for assistance with remediating an account compromise. The most common scenario is that a member of their organization became the victim of a phishing scam and the attacker obtained the password for their account. (Note: If you are not…

0