TheWindowsClub News

TheWindowsClub Tech News covers the latest Microsoft Windows 10 news, along with other products & services like Office, etc.

Microsoft Detection and Response Team (DART) reports real-life cybercrime stories

Discovering a malicious attacker on your network is not only worrisome but quite dangerous. If that’s less, imagine having 6 of them, all on the same network! It’s a story of cyberespionage that Microsoft’s Detection and Response Action Team (DART) uncovered very recently.

Detection and Response Team (DART)

Microsoft’s DART uncovers real-life cybercrime stories

An APT had infiltrated a multi-national company’s networks after stealing administrator credentials. It then gained access to sensitive emails by using sophisticated techniques. Despite multiple attempts, the company failed to remove the malicious actor. As a result, the threat remained in the network for 240 days. To reverse this occurrence, Microsoft DART was brought onsite to help the company gain back control and investigate.

Upon thorough investigation, DART found there were five additional threats. Responding to compromises, the team conducted investigations and identified certain targeted mailbox searches and compromised accounts, as well as attacker command-and-control channels.

This investigation lasted greater than seven months and revealed a attainable compromise of delicate data – pertaining to the sufferer and the sufferer’s clients – saved in Workplace 365 mailboxes. 243 days after the preliminary compromise, DART was then introduced in to work alongside the incident-response vendor and the corporate’s in-house groups, said Microsoft in a report.

Following an investigation, a comprehensive assessment of all Microsoft operating systems in the organization was conducted to ensure no other APT actors were present. Also, a robust plan was initiated to regain control of the customer’s environment, secure its assets against future intrusion, and enable monitoring and detection in the event of future attempts to compromise the company’s network.

Learning from the incident, Microsoft outlined five basic steps that organizations can deploy to reduce their exposure to APT attackers, including enabling MFA. These include,

  1. Removing legacy authentication
  2. Adequately training first responders
  3. Properly logging events with a security
  4. Information and event management product
  5. Acknowledging the facts that attackers do use legitimate administrative and security tools to probe targets.

For more information, check this MSSecurity PDF.

Published on Tags:

HemantSaxena@TWCN

A post-graduate in Biotechnology, Hemant switched gears to writing about Microsoft technologies and has been a contributor to TheWindowsClub since then. When he is not working, you can usually find him out traveling to different places or indulging himself in binge-watching.

Share via
Facebook
X (Twitter)
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap