GUIDE
Top 7 Cyber Threats And How Microsoft Helps Mitigate Them
Gaining better visibility into your Microsoft 365 cloud and on-premises environments across email, identity, and endpoints is crucial to prioritizing and mitigating potential cyberattacks against your organization.
Understanding the top threats that could be potentially lurking in your environment and knowing if you have the right Microsoft technology to detect them is the first step to a more secure environment.
This guide breaks down the top 7 threats, what they really mean and how Microsoft technology can detect and mitigate them.
The Top 7 Cyber Threats:
- Leaked Credentials
- Malware Detection
- Multiple Failed Login Attempts
- Phishing Attempt
- Suspicious Sign-In Activity
- Suspicious Mailbox Activities
- Unusual User Activity
Here's a sneak peek of what you can expect...
Threat Category: Identity
Detected By: Microsoft Defender for Cloud Apps + Microsoft Entra ID Protection
Threat Overview
When cybercriminals compromise valid passwords of legitimate users, they often share those credentials. This is usually done by posting them publicly on the dark web or paste sites, or by trading or selling the credentials on the black market. The Microsoft leaked credentials service acquires username and password pairs by monitoring public and dark web sites and by working with:
- Researchers
- Law enforcement
- Security teams at Microsoft
- Other trusted sources
When the service acquires username and password pairs, they are checked against the current valid credentials of Microsoft Entra ID (formerly Azure AD) users. When a match is found, it means that a user's password has been compromised and a leaked credentials risk detection is created.
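The matching step described above, as an added example that is not Microsoft's code: a hypothetical directory stores only a salted hash of each user's current password, a constructed feed of leaked username:password pairs is checked against it, and a risk detection is raised only where the leaked password is still the user's current one (a stale leaked password or an unknown account produces nothing). The detection field name mirrors the leakedCredentials risk event type; the remediation text is an assumption reflecting the mitigation list on this page.

```python
import hashlib
import hmac
import os

# Hypothetical credential store: per-user salt plus PBKDF2 hash of the
# *current* password. Not the Entra ID implementation, a model of the check.
def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(upn: str, password: str) -> dict:
    salt = os.urandom(16)
    return {"upn": upn.lower(), "salt": salt, "hash": _hash(password, salt)}

# Constructed tenant with two users (sample values, not real accounts).
DIRECTORY = {
    u["upn"]: u for u in (
        make_user("alice@contoso.example", "Spring2024!"),
        make_user("bob@contoso.example", "correct horse battery"),
    )
}

# Constructed leaked pairs, shaped like what a monitoring feed would deliver.
LEAKED_PAIRS = [
    ("Alice@contoso.example", "Spring2024!"),   # still current -> detection
    ("bob@contoso.example", "OldPassw0rd"),     # stale password -> no detection
    ("carol@contoso.example", "whatever"),      # not in this tenant -> ignored
]

def leaked_credential_detections(pairs, directory=DIRECTORY):
    """Return one risk detection per leaked pair matching a user's current credential."""
    detections = []
    for username, password in pairs:
        # UPNs are matched case-insensitively; unknown accounts are skipped.
        user = directory.get(username.lower())
        if user is None:
            continue
        # Constant-time comparison of the recomputed hash against the stored one.
        if hmac.compare_digest(_hash(password, user["salt"]), user["hash"]):
            detections.append({
                "upn": user["upn"],
                "riskEventType": "leakedCredentials",
                # Assumed remediation: forced reset (SSPR) plus MFA, per the page's mitigations.
                "remediation": "require password reset and MFA",
            })
    return detections
```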
Microsoft Analysis Tools
Microsoft Sentinel: Investigating incidents
Microsoft Defender XDR: Investigating incidents
Microsoft Defender for Cloud Apps: Threat protection policies
Microsoft Entra ID Protection: How to investigate risk
Microsoft Mitigation Tools & Tactics
Microsoft Entra Multi-Factor Authentication: Enable Azure multi-factor authentication for privileged accounts and end-users to mitigate a range of identity-related attacks, including phishing, password spray, and brute-force attacks.
Microsoft Entra Conditional Access: Deploy Microsoft Entra Conditional Access policies to apply the right access controls when deemed necessary.
Microsoft Entra Self-Service Password Reset: Enable automatic user remediation in the event of a leaked credential.
Microsoft Entra Password Protection: Reduce weak passwords and lower the risk of compromise through password spray and/or brute-force attacks by implementing Microsoft Entra password protection.
Windows Hello: Deploy Windows Hello to replace passwords with strong two-factor authentication on Windows 10 devices.
Modernize Hybrid Authentication Method: Migrate from AD Federation Services to Password Hash Synchronization if not already done.
Modernize Password Policy: Improve password quality by updating your password policy.
