It is no secret that the rate of cyber-attacks has escalated considerably in the past year. In fact, according to Reuters, cybercrime as a whole has risen 500% since the beginning of the pandemic. Cybercriminals are successful at breaching environments because they use various methods to carry out attacks. Many of the methods show cleverness, yet the attackers largely follow a systematic approach in orchestrating a cyber-attack.
Knowing what you’re up against is half the battle in securing your environment. After finding gaps in your cyber security infrastructure, you can use tools to fill them and reduce the risk of breaches.
Below you’ll find a list of common methods the bad guys use to get into your environment – and the tools you can use to keep them out. This is especially relevant if you are a Microsoft 365 user.
External threats
A common cause of breach stems from external vulnerabilities that target user devices and user identity. These threats can manifest in several ways but can be continuously mitigated with the right network security tools in place. Listed below are some common types of external threats and the tools you can use to stop them in their tracks.
-
File attachment – mitigated by Defender for O365
-
Social engineering, spear-phishing to entice a person to click a link – mitigated by Defender for O365
-
Malicious website – mitigated by Defender for O365
-
Compromised credentials, brute force or stolen credentials – mitigated by Azure AD Identity Protection
-
USB drive – mitigated via Microsoft Endpoint Manager (Intune)
Exploitation
The action of exploitation can allow an attacker to deploy malware to capture admin access or a service account. Once an exploit is installed, an attacker will likely begin surveillance. Their goal is to achieve some degree of command-and-control capability in your environment. To mitigate this, you can deploy the following actions:
-
Lateral movement – mitigated by Defender for Identity
-
Reconnaissance – mitigated by Defender for Office 365, Defender for Cloud Apps, and Defender for Endpoints
-
Privileged account compromised – mitigated by Defender for Identity
Exfiltration
If someone attacks and succeeds, they can either sell important information on the dark web or use it to demand money. Defender for Cloud Apps (formerly known as Microsoft Cloud App Security, or MCAS) can mitigate data exfiltration.
Ransomware
Before demanding a ransom payment, an attacker might sabotage the backup and recovery mechanisms. He waits before launching the ransomware attack, making it impossible to recover because the last backup is too old. According to the Ponemon Institute, the average time between breach and mitigation is 287 days.
During that time, an attacker may search out and destroy network diagrams, configuration schemas and as-built documentation to prevent or slow-down a rebuild.
Furthermore, an attacker can research a balance sheet or insurance coverage to determine how much can realistically be paid. That means that victims can’t bluff the attacker. More importantly, it gives attackers a credible escalation pathway without backing down. For example, in some cases, an attacker might double the ransom every 10 days so they want to know how many times that can happen.
Ransomware and other malicious behavior can be successfully averted not only by deploying the tools above but also by adopting a Zero Trust Architecture as a whole. The Zero Trust approach is a new and effective security framework to prevent data breaches for the modern hybrid workforce. For details and actionable insights on Zero Trust, check out this whitepaper.
Conclusion
The landscape of cyber threats is wide, but with the right knowledge and tools, you can prepare your group for imminent breach attempts. Learn about common cyber-attacks to make your group safer. Understand their basic anatomy for a secure environment.
Contact us to learn more!
