At the start of the month Microsoft introduced Cyber Signals, a cyber threat intelligence brief informed by the latest Microsoft threat data and research. This content, to be released quarterly, offers an expert perspective into the current threat landscape, discussing trending tactics, techniques, and strategies used by the world’s most prolific threat actors.
As we have seen ourselves when working with customers, cyber attacks by nation-state actors are on the rise and, despite their vast resources, these adversaries often rely on simple tactics, such as stealing passwords that are not protected by MFA.
The recommendations made by Microsoft reinforce how effective the following controls can be:
Enable multi-factor authentication – to verify the authenticity of users and activities: By doing so, organisations mitigate the risk of passwords falling into the wrong hands. Even better, eliminate passwords altogether by using passwordless MFA.
Audit account privileges: Privileged-access accounts, if hijacked, become a powerful weapon attackers can use to gain greater access to networks and resources. Security teams should audit access privileges frequently, applying the principle of least privilege so that employees are granted only the access they need to get their jobs done.
Review, harden, and monitor all tenant administrator accounts: Security teams should thoroughly review all tenant administrator users or accounts tied to delegated administrative privileges to verify the authenticity of users and activities.
Establish and enforce a security baseline to reduce risk: Nation-states play the long game and have the funding, will, and scale to develop new attack strategies and techniques. Every network-hardening initiative delayed due to bandwidth or bureaucracy works in their favour. Security teams should prioritise implementing zero-trust practices like MFA and passwordless upgrades.