Understanding Cloud Security Threats and Protections

  • Sameer Pashikanti
  • April 5, 2022

Attackers frequently seek to gain a foothold within the identity infrastructure of an organization by accessing valid account credentials. To acquire these credentials, attackers might use password spray attacks, a technique where a list of common passwords is used to attempt to sign in to many different accounts in a network. Microsoft researchers have observed a variety of innovative password spray techniques, including the use of automated tools and the snowshoeing technique.

Microsoft has observed that attackers, after successfully compromising credentials, move on to follow-on activities such as multifactor authentication (MFA) fatigue attacks to bypass secondary authentication methods. Once they bypass MFA, attackers proceed to tamper with the MFA settings to persist in the environment. They also use compromised identities to launch additional attacks, including business email compromise.

Microsoft 365 Defender detects password spray and MFA attacks with multiple alerts. Defenders can search for suspicious sign-in attempts and MFA bypass and tampering activities with the hunting queries provided in the advanced hunting section. Organizations can also review anomaly detection policies in Microsoft Defender for Cloud Apps for related risky behavior, such as atypical travel, password spray, unfamiliar sign-in properties, and more.
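The password spray pattern described above, expressed as detection logic over sign-in records, including a spray spread thinly across several source IPs. This is an added example, not Microsoft's detection logic or a Microsoft 365 Defender hunting query; the record layout, function names, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

def sample_events():
    """Constructed sign-in records (not real telemetry): (time, account, source IP, outcome)."""
    t0 = datetime(2022, 4, 5, 9, 0, tzinfo=timezone.utc)
    rows = []
    # Spray spread over four IPs: one failed guess per account, two accounts per IP.
    for i in range(8):
        rows.append((t0 + timedelta(minutes=i), f"user{i}", f"203.0.113.{i % 4 + 1}", "fail"))
    # One sprayed account is then signed in to successfully from a spray IP.
    rows.append((t0 + timedelta(minutes=9), "user3", "203.0.113.2", "success"))
    # Ordinary user mistyping a password once, from an unrelated IP.
    rows.append((t0 + timedelta(minutes=3), "alice", "198.51.100.7", "fail"))
    rows.append((t0 + timedelta(minutes=4), "alice", "198.51.100.7", "success"))
    return rows

def detect_spray(events, window=timedelta(minutes=30), ip_fanout=2, min_accounts=5):
    """Return one finding per time window in which sign-in failures look like a spray."""
    buckets = defaultdict(list)
    for row in events:
        buckets[int(row[0].timestamp() // window.total_seconds())].append(row)
    findings = []
    for key in sorted(buckets):
        rows = buckets[key]
        fails_by_ip = defaultdict(set)
        for _ts, user, ip, outcome in rows:
            if outcome == "fail":
                fails_by_ip[ip].add(user)
        # An IP failing against several different accounts is a spray candidate,
        # even when its own volume is too low to trip a per-IP threshold.
        spray_ips = {ip for ip, users in fails_by_ip.items() if len(users) >= ip_fanout}
        # Combine the candidates across the tenant so a distributed spray adds up.
        sprayed = set().union(*(fails_by_ip[ip] for ip in spray_ips))
        if len(sprayed) < min_accounts:
            continue
        # A success on a sprayed account from a spray IP suggests a guessed password.
        hit = {u for _ts, u, ip, o in rows if o == "success" and ip in spray_ips and u in sprayed}
        findings.append({"accounts": sprayed, "ips": spray_ips, "compromised": hit})
    return findings

if __name__ == "__main__":
    for finding in detect_spray(sample_events()):
        print(sorted(finding["accounts"]), sorted(finding["ips"]), sorted(finding["compromised"]))
```

Fixed windows can split a spray that straddles a boundary; overlapping windows avoid that at the cost of duplicate findings.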

Microsoft Office 365 Advanced Threat Protection (ATP) is an optional cloud-based service that scans and filters email to protect subscribers from malware in attachments and hyperlinks to malicious websites.

What does ATP stand for in Windows?

Advanced Threat Protection (ATP) refers to a category of security solutions that defend against sophisticated malware or hacking-based attacks targeting sensitive data. Advanced threat protection solutions can be available as software or as managed services.

Sven, in the video on this page, Petra Leclaire, Regional Head of Corporate Security CEU & Germany, describes the enormous financial damage that cyber attacks cause. How have attacks evolved over time?

Many companies have strengthened their defense measures against cyber attacks and are constantly developing them. Nevertheless, we are continually faced with new methods of attack, such as the current supply chain attack, where companies are not attacked directly, but rather partners and suppliers with whom a company works are targeted. The partner or supplier is then used as a springboard to attack the actual target.

Phishing, which is still frequently used, is also a well-known attack pattern that is becoming increasingly sophisticated. Emails are sent containing a link or attachment that the recipient is supposed to click on. As soon as they click on this link or attachment, attackers can steal passwords or infect a computer. You could say that the person in front of the computer is under direct attack.

In addition to phishing, there is another method called social engineering, or social manipulation, which targets people directly. Hackers rely on human weaknesses and behavior, aiming to get people to disclose sensitive information or perform certain actions. They build trust, create fear, or pose as authority figures.