topic SharePoint Online environment in Threats https://community.isc2.org/t5/Threats/SharePoint-Online-environment/m-p/60075#M814 <P>Hi All</P><P>&nbsp;</P><P>Rarely do we see reports on first of a kind attack, but here is one against SharePoint Online:</P><P>&nbsp;</P><P>Your organisations attack surface just increased....</P><P>&nbsp;</P><P><A href="https://www.darkreading.com/cloud/researchers-report-first-instance-of-automated-saas-ransomware-extortion" target="_blank">https://www.darkreading.com/cloud/researchers-report-first-instance-of-automated-saas-ransomware-extortion</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Mon, 09 Oct 2023 10:35:38 GMT Caute_cautim 2023-10-09T10:35:38Z SharePoint Online environment https://community.isc2.org/t5/Threats/SharePoint-Online-environment/m-p/60075#M814 <P>Hi All</P><P>&nbsp;</P><P>Rarely do we see reports on first of a kind attack, but here is one against SharePoint Online:</P><P>&nbsp;</P><P>Your organisations attack surface just increased....</P><P>&nbsp;</P><P><A href="https://www.darkreading.com/cloud/researchers-report-first-instance-of-automated-saas-ransomware-extortion" target="_blank">https://www.darkreading.com/cloud/researchers-report-first-instance-of-automated-saas-ransomware-extortion</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Mon, 09 Oct 2023 10:35:38 GMT https://community.isc2.org/t5/Threats/SharePoint-Online-environment/m-p/60075#M814 Caute_cautim 2023-10-09T10:35:38Z Re: SharePoint Online environment https://community.isc2.org/t5/Threats/SharePoint-Online-environment/m-p/60086#M816 <BLOCKQUOTE><HR /><SPAN>... Not only was the breached [MS Global administrator] account accessible from the public Internet, it also did not have multi-factor authentication (MFA) enabled — something that most security experts agree is a basic security necessity, especially for privileged accounts....</SPAN><HR /></BLOCKQUOTE><P>I don't understand how compromised admin account is a first.</P><P>&nbsp;</P><P>The amazing part to me is that a year or so ago, MS <A href="https://www.techrepublic.com/article/microsoft-sets-mfa-default-azure/" target="_blank">made MFA the default</A> even for existing non-admin accounts, unless the customer had explicitly opted out.&nbsp; So, this is not a case of somebody not having gotten the memo -- they shredded, burned and buried it.</P> Sat, 17 Jun 2023 20:46:47 GMT https://community.isc2.org/t5/Threats/SharePoint-Online-environment/m-p/60086#M816 denbesten 2023-06-17T20:46:47Z