Severe security breaches on Office 365 and Azure accounts

by Alexandru Poloboc
Alexandru Poloboc
Alexandru Poloboc
News Editor
With an overpowering desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter, anchor,... read more
Affiliate Disclosure
  • Maintaining a secure environment for our online data and business is an absolute must.
  • Specialists are warning us about potential third-party intrusions in our Microsoft Cloud.
  • Abnormal Azure AD actions may imply that attackers are already infiltrated your system.
  • This article contains some of the signs that could warn you against security breaches. 
Microsoft Cloud security alerts

There is no stopping the future and, as much as we all wanted a more futuristic way to store our data and conduct business, we have all become to fear how easy it is for it to be accessed by external entities.

The complexity of vastness of the storage clouds makes the detection and repelling of threatening events more and more difficult.

How can you tell if your security has been bypassed?

According to the specialists at Vectra AI, there are a few signs that indicate the fact that security for our Microsoft 365 or Azure has been compromised.

External Teams access and non-authorized, suspicious mail forwarding should be the first red flags when it comes to your, or your company’s cloud security. This could easily mean that an attack has already begun.

Regularly checking what accounts are part of the team in Office 365 is an excellent way to make sure that an external account has been already added.

This type of activity could indicate that a malicious third party has added an account under their control.

Another sign that you should keep your eyes open for is risky Office 365 Exchange operations, which could point to an attacker that is controlling Exchange in order to gain access to specific data or further attack progression.

Also, peculiar Azure AD actions may imply that attackers are already escalating privileges and also performing admin-level operations, after the account takeover.

Office 365 accounts that are downloading or sharing files and folders at a volume that was higher than normal, which could indicate a third party is using either SharePoint, or OneDrive to download functions to exfiltrate data, is another sign.

Tell the difference between friend and foe

Taking into consideration the examples above, you can understand that every activity that is being detected isn’t necessarily of malicious nature, which is why it’s paramount to have the right data before we take action.

It’s all about being able to determine and, also, tell the difference between what’s considered to be normal activity for your environment and what could be a potential issue that needs to be addressed.  

The security issues that users deal with while using Office 365 are many, which should be an even bigger reason to keep both eyes wide open when we feel something’s not right.

Have you ever felt like your Microsoft Cloud security has been hacked? Tell us all about it in the comments section below.

This article covers:Topics: