Risk audits and protecting against SaaS ransomware attacks
Microsoft 365 is a widely used software resource and thus susceptible to a wide range of breach attempts and cyber-attacks. Obsidian, a cybersecurity firm, observed such an attack on Sharepoint Online, one of the 365 services.
After the breach, the attacker created a new Active Directory allowing them to attain executive privileges and lateral network movement. They proceeded to remove administrators within the network and used their privileges to steal or close-off valuable data. They relied on tools baked into the service, like SharePoint Administrator or Exchange Administrator.
The ransomware attack resulted in theft of important files and their respective encryption. As is typical with ransomware attacks, the hacker demanded ransom or threatened to publish the files in publicly available spaces. The attack is designed around SaaS security, or in other words, efforts to overturn it, versus the typical endpoint security methods. Obsidian believes this will be another growing trend in ransomware campaigns, as in, an emphasis on attempting to compromise business platforms using SaaS- security methods.
Obsidian believes the attack was carried out by the hacker group Omega, one that typically relies on double-extortion to achieve success.
Defending against SaaS attacks
The next phase for any coherent cybersecurity solution is to reduce risk and mitigate damage in the case of this breach type. There are a few things administrators can do, such as implementing MFA and managing accounts with administrator privileges.
It’s also a good idea to conduct tests, or in this case, a risk audit. Bytagig can conduct a Microsoft risk audit to assess weaknesses and test for potential intrusion events.
What is a risk audit?
Risk audits are comprehensive tests of a businesses’ overall IT and cybersecurity competency. The goal is to identify potential factors contributing to a breach. For instance, a breach audit may reveal several weaknesses in remote applications, or the need to implement additional permission-based rules for connecting users.
The scope of a risk audit entirely varies based on the size of an organization, their goals, and budget. However, most risk audits are not too cost intensive, time sensitive, and work within a company’s time and financial budget.
If you’d like additional assistance, Bytagig can conduct a risk audit to assess the cybersecurity, IT, and readiness of your SMB enterprise. Bytagig is an Oregon based MSP providing a range of different services, audit services for Microsoft 365 one of them.
Bytagig can handle the entire risk audit process, from interviewing relevant staff to inspect each layer of your business infrastructure.
For more information, you can contact us today.
