Office 365 Security Summit: Source Documents
During our Office 365 Security Virtual Summit today, Howard M. Cohen and I ran a joint session about recent Office 365 security incidents and reports in the news.
It was an interesting discussion, and thanks for all the audience questions. We covered a lot of ground quickly, and I promised at the end to provide links to the source documents for all the topics we covered in the last hour:
- The GreatHorn report on a massive attack involving Office 365 phishing pages on redirector domains and hiding behind subsidiary domains of legitimate sites.
- The latest version of the Microsoft Digital Defense Report. The link is to a Sept. 29 blog, which is hyperlinked to the full 88-page document. In the session, we talked about details on COVID-19-themed lure trends, an interesting periodic table of nation state attackers, and details on frequently spoofed brands within Office 365 accounts. That only scratches the surface of the contents of the report, which covers the state of cybercrime, includes much more detail on nation state threats and addresses remote workforce security. For my colleague Kurt Mackie's news summary of the report, click here.
- The CheckPoint Q3 report about brand phishing, showing Microsoft as the top spoofed target.
- The CISA analysis report with details about the breach of an unnamed federal agency, showing some of the damage that can be done to an organization once someone has Office 365 credentials.
- A Proofpoint account of an advanced persistent threat involving OAuth access token phishing.
- Details on the rich Vectra report, "2020 Spotlight Report on Microsoft Office 365." Click through the blog for a link to the full 10-page report.
- An explainer on the rebranding of Microsoft's enterprise security products, mostly around the Microsoft Defender theme. For Kurt Mackie's news article with additional context, follow this link.
- A discussion from Menlo Threat Labs about a new phishing attack with a novel approach to layering CAPTCHAs.
- The Microsoft account of the reasons it went after the Trickbot botnet, how it initially attempted to disrupt Trickbot, and an update on how the fight developed. More Redmond reporting here and here.
- Details of the SANS data incident from August in which a successful phishing e-mail resulted in a malicious Office 365 add-in that forwarded 513 e-mails to an unknown external e-mail address.
Finally, for anyone interested in where that comic book panel in the final PowerPoint slide came from, here you go: "Star Wars: The Original Trilogy - The Movie Adaptations."
Posted by Scott Bekker on 10/23/2020 at 1:49 PM