One of the most sophisticated cyberattacks the tech world has recently seen, Solorigate, has been grabbing the attention of security firms in the past weeks. In its latest move, Microsoft has come up with a solution that positions Microsoft 365 Defender as an effective way to stay safe from Solorigate and associated attacks.
Using Microsoft 365 Defender to protect against Solorigate
The company has detailed a list of steps that security operations and incident response teams can use to get the most out of Microsoft 365 Defender. The tech giant adds that it will continue updating the information on the attack as new details become available.
The detailed blog post starts by providing a comprehensive overview of the Solorigate attack and how it took place. In the following sections, Microsoft uses its threat analytics tools to interpret the depth of the attack.
Microsoft also adds that it has designed the Microsoft Defender for Endpoint platform to detect possible backdoors on protected systems and alert the administrator. Since the attackers rely on such a backdoor to deliver the main payload, this first step provides a foundational layer of protection against the Solorigate attack in general.
Even if a device has already been affected by the Solorigate attack, Microsoft 365 Defender can remotely prevent attackers from using the system's resources. The company has shown in the blog post that it can detect hands-on-keyboard activity within the cloud environment as well as modifications made to an organization's authentication process.
In addition to detecting these unusual scenarios, Microsoft 365 Defender will now propose possible remediation steps. For instance, if a notable modification is detected in the authentication components of the system, Defender will prompt administrators to reset the password.
Similarly, Microsoft Defender for Endpoint will detect suspicious access to LSASS, possible attempts to access ADFS key material, and other processes that may tamper with the running system. Microsoft also provides a set of advanced queries that admins can use to detect and diagnose the presence of the Solorigate backdoor.
The company itself says that this isn't a complete solution to the attack, which appears to be still evolving. That said, Microsoft 365 Defender currently offers the best set of options available.