Wednesday, June 23, 2021

Stories from the SOC – Office 365 Account Compromise and Credential Abuse

Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Threat Detection and Response customers.

Executive Summary

Credential abuse and compromised user accounts are serious concerns for any organization. Credential abuse is often used to access other critical assets within an organization, its subsidiaries, or a partner corporation. Once an account is compromised, it can be used for data exfiltration or to further the agenda of a threat actor. Threat actors compromise the internal email accounts of legitimate organizations for many reasons, including to send internal users phishing links that lead to additional compromise, to send malicious emails to external users for later compromise, or to create inbox rules that forward confidential emails to the threat actor’s account outside of the organization. Monitoring for events surrounding internal, inbound,…

Posted by: Marcus Hogan


The post Stories from the SOC – Office 365 Account Compromise and Credential Abuse appeared first on Cybersecurity Insiders.


June 23, 2021 at 09:10PM
