Stories from the SOC – Office365 Credential Abuse

57
[ This article was originally published here ]

Executive Summary
Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Threat Detection and Response customers.
The most critical element in combating malicious attempts on technology today is visibility. When considering the sheer amount of various cloud, firewall, IDS/IPS, anti-virus, etc. offerings, integrations are a necessity to enable effective security. Unified management is unachievable unless you can effectively consume and correlate a variety of log feeds that can be analyzed through the proverbial “single pane of glass.” By leveraging the AlienApp for Office365, we presented a compromised Office365 account to the customer who then confirmed our suspicion, reset the account, and implemented multi-factor authentication for that user. Though the AlienApp provides an incredibly insightful view of an Office365 environment, the ability to correlate events across…

Jeff LaCroix Posted by:

Jeff LaCroix

Read full post