hsehdar
Newcomer II

Community Alert: Ongoing Malicious Campaign Impacting Azure Cloud Environments

Excerpt:

Over the past weeks, Proofpoint researchers have been monitoring an ongoing cloud account takeover campaign impacting dozens of Microsoft Azure environments and compromising hundreds of user accounts, including senior executives. This post serves as a community warning regarding the attack and offers suggestions that affected organizations can implement to protect themselves from it.

Community Alert: Ongoing Malicious Campaign Impacting Azure Cloud Environments

1 Reply
BookerE1
Viewer


@hsehdarDogNeedsBest wrote:

Excerpt:

Over the past weeks, Proofpoint researchers have been monitoring an ongoing cloud account takeover campaign impacting dozens of Microsoft Azure environments and compromising hundreds of user accounts, including senior executives. This post serves as a community warning regarding the attack and offers suggestions that affected organizations can implement to protect themselves from it.

Community Alert: Ongoing Malicious Campaign Impacting Azure Cloud Environments


Hello,

This is a serious security issue that requires immediate attention. The attackers use phishing and cloud account takeover techniques to access and abuse Azure resources, such as Office 365, Exchange Online, and Azure Active Directory. They also manipulate multi-factor authentication (MFA) settings and exfiltrate data from compromised accounts.

The best solution to prevent and mitigate this attack is to follow the security best practices and patterns for Azure, as recommended by Microsoft. Some of the key steps are:

  • Educate your teams about the cloud security journey and the shared responsibility model.
  • Enable identity as a security perimeter and use Azure Active Directory (Azure AD) to manage access and identity protection.
  • Implement a secure hybrid network architecture in Azure and use Azure Firewall, Network Security Groups, and Azure Bastion to protect your network resources.
  • Monitor and audit your Azure environment using Azure Security Center, Azure Sentinel, and Azure Monitor.
  • Review and update your incident response processes for cloud scenarios and use Azure Backup and Azure Site Recovery for disaster recovery.

I hope this helps you solve your problem.

If you have any further questions, please feel free to ask. Have a nice day!

Best regards,
BookerE1