Have you seen these common attacks in your environment and want to know how Microsoft protects your organization?
- Attacker uses stolen credentials to gain access to the user’s files, to account and group management tools, or to a privileged service such as InfoSec systems (key management, configuration management, monitoring, backups, virtualization and others).
- Attacker removes data from the environment.
- Any employee clicks on a malicious link or opens a malicious file shared by the compromised user.
- Attacker moves laterally, gaining access to cloud services and resources in the environment.
- Malware changes its signature at random intervals, using real code-signing certificates compromised from companies.
- Automatic propagation that leaves little time to react.
- Malware uses multiple traversal techniques to try to fool protection systems.
- User uses a USB device to copy data, or uses a cloud service to exfiltrate information, or uses the wrong application to open or save documents (e.g. a partner app instead of the organization’s), or a personal device was enrolled into the organization’s environment. After saving lots of data in the dev
I have attached a PDF document that covers more attack scenarios like these and how Microsoft helps defend organizations. The document is a little old, but it helps you quickly learn which Microsoft solutions can come in handy for a particular type of attack. Microsoft has also recently released additional solutions that are not covered here.
Download the document from here – CloudSecurity_UseCases