Southwest Networks - Managed IT Services & Cybersecurity

Microsoft Accounts Are Under Attack

Published March 20, 2025

About This Video

In this video I discuss the fact that our Microsoft cloud accounts, like Microsoft 365, are constantly under attack, with people trying to hack them. I also discuss ways that businesses can protect themselves from these attacks.

Timecodes
00:00 Introduction
00:15 Our Microsoft Accounts are constantly under attack
00:54 Chinese-backed hackers using over 130,000 computers to break into accounts
02:09 What can you do to protect yourself?
06:49 Need help implementing or evaluating your security?

Full Transcript

Auto-generated from the video's captions. Minor transcription errors may exist.

Welcome back to another episode of Cappuccino Chat. This time we're talking about our Microsoft accounts and how they're constantly under attack and, more importantly, what we can do to protect them. We all know and understand that every day, every minute, our accounts in Microsoft 365 are under attack, right? Well, you may not realize it because there's nothing alerting you to it, but we got access to back-end data from our clients showing that these attacks are happening and people are trying to log in with either stolen credentials, just password attacks, uh, alphabet attacks, just trying different stuff. So, we're seeing this data.

But to further prove it, I found an article recently from, um, Dark Reading that explains a specific attack from Chinese-backed attackers where they compromised over 130,000 different devices, and these devices were being used to specifically attack Microsoft. So these weren't just in China or just Chinese-owned devices. These were devices that had been breached somehow. A user opens an email, clicks a link, whatever. These Chinese-backed hackers were using these rogue devices, and the users had no idea that they were there, but they were using other people's computers to attack Microsoft accounts and actually try to break passwords, enter passwords, and get into those accounts. So, this is happening all the time.

Now, when this article first came out, um, I was like, "Yeah, of course." And I started looking around at some of our clients, because our stuff's being blocked. We are monitoring this. We are protecting this. Uh, we're ensuring that these types of breaches don't happen and alerting our clients and/or just taking care of it. So, I started looking and yes, it's happened a lot. It happens to my account. Uh, it happens to everyone's account. So, if you think that this isn't happening, I'm telling you, you're wrong.
So good, strong passwords, as always, very important. But so what are some things we can do to protect ourselves? Again, strong passwords. What's a strong password? It's definitely not "password one two three," right? That is not a strong password. Uh, it used to be, you know, eight characters, upper, lower, number, and a special character was good enough. That's no longer good enough. With these new AI engines and this computing that they've got going on with Nvidia and all that stuff that we're seeing, eight characters ain't cutting it no more. 12, 15 and up characters, randomly generated phrases, just anything you can do. A password manager is very important in helping you generate these good passwords, because if we create these crazy passwords that we hope can't be breached or guessed, how are we ever going to remember them? Because they're gibberish, right? So, a good password manager is something to help you with this.

Multifactor authentication. It is still an issue where people don't want to put on multifactor authentication, where you have an app, uh, an authenticator app that gives you a code that you have to type in, just like your bank does, hopefully, when you go to log into your bank. Uh, different websites are requiring this. For your email, absolutely, 100%. Now, there's things we can do to help you limit the amount of annoyance because of it, but it still needs to be set up and configured, right?

Uh, monitoring, alerting. So, uh, Microsoft's not going to tell you when your account's being hacked into and people are trying to log into your account. You may just all of a sudden not be able to get into your email for a little while and you can't figure out why. Well, it's because Microsoft has seen different attacks and different false logins and has locked out your account for a period of time. These things can be adjusted and set up and monitored by companies like ours.
You want to do cyber awareness training for employees so they understand to watch out for these different emails and links and how to set up a proper password, and why the importance of MFA is there, so they're not just constantly, you know, um, screaming in your ear how annoying it is to have to type a code in just to do their work and all this stuff. They understand the risks to your business.

You want to implement least privilege and/or zero trust, um, where you can. So again, limit what employees can get access to, including applications, data, uh, all of that on their computers and on your network. If they're not in the accounting department, there's no reason for them to have access or even see the data, database, any information related to finances. They're not in that department, there's no reason for them to see that data. Make sure you're implementing those least privilege, zero trust, um, policies so that that stuff can't be accessed if there was a breach of any kind.

Create conditional access rules within Microsoft 365. Now, this requires some additional licensing or a different level of licensing possibly for you, but this can be set up so that it can limit access from outside the US. Uh, require MFA on all users whether they set it up or not. Um, only allow for the setup of MFA at your location. And this one's a big one. Uh, we had a client that had MFA, the free MFA, set up on it, but the hacker was able to get the employee to log into Microsoft 365 for the hacker. In other words, they were phished. Once they were in, the hacker just simply set up another MFA authenticator on their own device, and then they were able to log in as they pleased with another authentication, because now they were getting the code to log in. So again, a lot of things we can do with that conditional access. Very important.

And then lock down the devices, uh, with application whitelisting and having MDR-type tools, that's managed detection and response.
So application whitelisting is where, if it's not on the approved application list, it's denied. So if you use QuickBooks and Office, Word, Excel, Outlook, those things, those are all approved. But if someone was to click a link or open an attachment that tried to install something without you knowing it, behind the scenes, because it's not on that approved list, it would be denied and it would not be able to install that hacking tool to watch and learn and get data on your network and from your computer systems. Very important.

So those are the, those are six different things that you can be doing, implementing one or, even better, all of them. If you are not sure, um, what kind of security you have, you assume your IT provider is taking care of these things, you haven't talked to your IT provider about these security items, uh, please reach out to me or them and have this hard conversation. If you don't get a good answer, uh, please reach out to me so we can let you know what's available, how we can help assist in ensuring that your business is as secure as it can be. But these attacks are happening every minute of every day. If I showed you, you would be totally surprised at it. All right. So again, any questions, concerns, please reach out to us. Give us a call here at the office: 760-770-5200.
