CISA issued a fresh CISA emergency directive in early April instructing U.S. federal agencies to mitigate risks stemming from the breach of numerous Microsoft corporate email accounts by the Russian APT29 hacking group.
The directive is known as Emergency Directive 24-02 and it addresses the risk of compromised Microsoft accounts for federal agencies and corporations.
The directive mandates agencies to probe potentially impacted emails, reset any compromised credentials and implement safeguards to fortify privileged Microsoft accounts.
CISA reports that operatives from Russia are utilizing information pilfered from Microsoft's corporate email systems, including authentication details exchanged between Microsoft and its clientele via email, to infiltrate certain customer systems.
Microsoft and the U.S. cybersecurity agency have already alerted all federal agencies whose email exchanges with Microsoft were identified as exfiltrated by the Russian hackers.
CISA has now directed affected agencies to ascertain the complete content of their correspondence with compromised Microsoft accounts and conduct a cybersecurity impact assessment by April 30, 2024.
For any compromised accounts; review sign-in, token issuance, and other account activity logs for potential malicious activity.
While the requirements of ED 24-02 pertain exclusively to Federal Civilian Executive Branch agencies, the exfiltration of Microsoft corporate accounts may affect other organizations and corporations.
In 2021, the APT29 hackers once more penetrated a Microsoft corporate account, granting them access to customer support tools.
The compromised account possessed authorization to an application with elevated privileges within Microsoft's corporate environment, enabling the attackers to infiltrate and extract data from corporate mailboxes.
These compromised email accounts included those belonging to members of Microsoft's leadership team and an undisclosed number of employees in the company's cybersecurity and legal departments.
Detecting compromised Microsoft accounts is crucial for maintaining the security of your organization's data and systems.
Monitor Account Activity: Regularly monitor the activity logs of Microsoft accounts for any suspicious or unauthorized activities.
Screen Accounts for Compromised Credentials: Prioritize screening of accounts for compromised credentials.
Implement Multi-Factor Authentication: Enable MFA for all Microsoft accounts to add an extra layer of security.
MFA requires users to provide additional verification, such as a code sent to their phone, in addition to their password, making it harder for unauthorized users to access accounts even if passwords are compromised.
Regularly Review Permissions and Access: Conduct regular audits of permissions and access levels assigned to Microsoft accounts.
Set up Alerts and Notifications: Configure alerts and notifications for suspicious activities or security events within Microsoft accounts.
By following these proactive measures and staying vigilant, organizations can enhance their ability to detect compromised Microsoft accounts and mitigate the risks associated with unauthorized access to sensitive data and systems.
The post CISA Warns of Compromised Microsoft Accounts appeared first on Enzoic.
This Cyber News was published on securityboulevard.com. Publication date: Sat, 13 Apr 2024 00:58:04 +0000