Microsoft Executive Email Breach: Lessons for SMBs and MSPs

Introduction: The Importance of Cybersecurity

Recently, Microsoft faced a cyberattack by Russian hackers, exposing sensitive email data. This incident isn’t just a concern for large corporations. This breach also provides valuable lessons for Small to Medium-sized Businesses (SMBs) and Managed Service Providers (MSPs). Understanding this breach and all it implies will help you safeguard your MSP or SMB from the attacks you face each and every day. Let’s dive into the risks you face.

Understanding Your Risks

Cyberattacks are not limited to big companies. Hackers target any organization, large or small, with valuable data, cyber insurance, or financial assets to bleed dry in a ransomware attack. For SMBs and MSPs, Microsoft’s breach shows the importance of strong cybersecurity training, testing, and technology to recognizing common attack methods and techniques.  These same attacks could be just social engineering with new tools.  Knowing how this breach happened will help you learn how to protect yourself.

How the Breach Happened

The Microsoft breach may have involved sophisticated techniques combining phishing and malware. However, it’s also possible, attackers used new malware that enables session stealing phishing attacks (Blog article explaining Evil Proxy) in the breach.  Such tools are now available for sale on the dark web for anyone to purchase and use.  These hacking tools work exceedingly well, leading to multiple security incidents for CyberHoot vCISOs in recent weeks!  For SMBs and MSPs, this means we all must be aware that seemingly secure systems (complex passwords protected by Multi-factor authentication) can be compromised. It’s crucial to employ comprehensive security measures to educated your people (weakest link) in order to protect your organization.

What This Means for Your Business

This breach highlights the necessity for SMBs and MSPs to be proactive in their cybersecurity efforts. Regular patching combined with employee training and testing can help.  Deploying robust cybersecurity governance policies (Password Policy, Information Handling Policy, Written Information Security Plan) and procedures (Vulnerability Alert, Security Incident Handling, Wire Transfer Process) are key to protecting your business from similar threats.

Lessons for SMBs and MSPs from the Microsoft mail Breach

1. Stay Alert: Cyber threats evolve quickly. Recent Session ID stealing attacks are making the rounds. If users click on a malicious link, their active Email Session Token grants hackers access to their email account by-passing MFA and passwords entirely!
2. Layer Your Defenses: Use a combination of security tools and practices to protect your systems.  Training employees combined with phish testing employees and technical measures are 100% needed.
3. Invest in Security: Allocate resources for cybersecurity measures, including technology and training.
4. Share Knowledge: Collaborate with others in your industry to share insights and strategies for defense.
5. Hire an Expert.  Hiring a virtual Chief Information Security Officer to perform a risk assessment on your business will help you spend your finite time and money wisely on the most critical risks you face.

Conclusion: Building Stronger Defenses

The Microsoft breach is a reminder of the constant cyber threats facing businesses. For SMBs and MSPs, it’s essential to:

1. Educate your team on cyber threats.  Session stealing attacks are using the same old phishing techniques to convince users to click on something they shouldn’t.
2. Implement strict cybersecurity policies.  Guide employees on best practices and required cybersecurity measures such as unique passwords, phishing simulations, and password manager usage.
3. Use positive reinforcement, like phishing simulations, to train employees.  Cyber Literacy education is as important personally as it is professionally today.  You don’t want a staff member having to leave work for an extended period to recover their identity stolen in a breach.  Give them a fighting chance; teach them Cyber Literacy skills.
4. Assess your risks with help from external experts.  Hiring a virtual CISO to perform a risk assessment makes good sense and is fiscally responsible.  How can you spend finite time and money on risks you haven’t measured and quantified yet?
5. Install key security measures, including anti-spam filters, antivirus software, firewalls, and multi-factor authentication.  Endpoint protection is also key and forward all logs to a Security Incident Event Monitor (SIEM) to escalate when strange things happen.

By learning lessons from this breach, SMBs and MSPs can build a resilient cybersecurity posture. You simply have no choice today as business owner.  You must protect yourself against the myriad of tactics and attacks that are out there.  While a nation-state hackers has access to sophisticated attack tools, CyberHoot believes you’re much more likely to be breached by an old fashion social engineering based phishing attack.  When such attacks are combined with new tools session stealing attacks the results can by-pass your unique passwords and Multi-factor authentication requirements leading to devastating consequences.  The true fix is to teach your end users to never, ever click on malicious links.

Secure your business with CyberHoot Today!!!

Sign Up Now

Sources:

Fast Company Article on Microsoft Executive Email Account Breach

Bank Info Security Article:  Google Exploit of OAuth leads to Persistent Access via Session Manipulation Despite Password Changes