News of the SolarWinds cyber attack broke in December 2020, and the attack has emerged as one of the largest targeting the US government, its agencies and a number of private companies. SolarWinds is recommending that all customers immediately update their existing Orion platform to the patched release, which removes the malicious component. “If attacker activity is discovered in an environment, we recommend conducting a comprehensive investigation and designing and executing a remediation strategy driven by the investigative findings and details of the impacted environment,” according to SolarWinds.

Microsoft confirmed it has found evidence of the malware on its systems, although it added there was no evidence of “access to production services or customer data”, or that its “systems were used to attack others”.

MessageOps is posting the most up-to-date information from Microsoft on the SolarWinds cyber attack. The attack (also known as Solorigate) used malicious SolarWinds files that potentially gave nation-state actors access to some victims’ networks. Microsoft's security teams are investigating the attack to help ensure that customers are as secure as possible. Microsoft has created a Solorigate Resource Center to provide the latest threat intelligence, indicators of compromise (IOCs), and guidance across Microsoft products and solutions to help the community respond, harden infrastructure, and recover.
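The two recommendations above, apply the Orion update and check your environment against the published IOCs, both start with knowing what SolarWinds software is on a host and whether any of its binaries are known-bad. The following PowerShell script is an added example written for this article; it is not MessageOps' or Microsoft's code. It inventories installed SolarWinds products from the Windows uninstall registry keys, lists SolarWinds services, and hashes every DLL and EXE under the install locations against a SHA-256 list. The IOC file path and format (one SHA-256 per line) and the fallback install directories are assumptions; populate the file from the hashes Microsoft publishes in the Solorigate Resource Center rather than from anything in this script.

```powershell
# Added example (not MessageOps' or Microsoft's code): inventory SolarWinds Orion
# on a Windows host and sweep its install directory for files whose SHA-256
# matches a supplied IOC list. Run from an elevated PowerShell session.
param(
    # Assumed: a text file with one SHA-256 per line, filled from the published IOCs.
    [string]$IocFile = "$PSScriptRoot\solorigate-iocs.txt"
)

# 1. Inventory: which SolarWinds products are installed, and at what version?
#    Compare DisplayVersion against the patched release named in the SolarWinds advisory.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*SolarWinds*' } |
    Select-Object DisplayName, DisplayVersion, InstallLocation, InstallDate

if (-not $installed) {
    Write-Host 'No SolarWinds products found in the uninstall registry keys.'
} else {
    $installed | Format-Table -AutoSize
}

# 2. SolarWinds services and their state, so a stale or unexpected component stands out.
Get-Service | Where-Object { $_.DisplayName -like '*SolarWinds*' } |
    Select-Object Name, DisplayName, Status | Format-Table -AutoSize

# 3. Load the IOC hashes (lower-cased, validated as 64 hex characters).
$iocs = @{}
if (Test-Path $IocFile) {
    Get-Content $IocFile |
        Where-Object { $_ -match '^[0-9a-fA-F]{64}$' } |
        ForEach-Object { $iocs[$_.ToLower()] = $true }
} else {
    Write-Warning "IOC file $IocFile not found; the hash sweep will report no matches."
}

# 4. Sweep: hash every DLL/EXE under each install location and compare to the IOC list.
#    Fall back to the common default install directories (assumed) if the registry
#    gave no InstallLocation.
$roots = $installed.InstallLocation | Where-Object { $_ -and (Test-Path $_) } | Sort-Object -Unique
if (-not $roots) {
    $roots = @('C:\Program Files (x86)\SolarWinds', 'C:\Program Files\SolarWinds') |
        Where-Object { Test-Path $_ }
}

$hits = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Recurse -Include *.dll, *.exe -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash.ToLower()
            if ($iocs.ContainsKey($hash)) {
                [pscustomobject]@{
                    Path      = $_.FullName
                    SHA256    = $hash
                    LastWrite = $_.LastWriteTimeUtc
                }
            }
        }
}

if ($hits) {
    Write-Warning 'IOC match found. Treat this host as compromised and begin the investigation SolarWinds describes.'
    $hits | Format-Table -AutoSize
} else {
    Write-Host "No IOC matches under: $($roots -join ', ')"
}
```

A hash sweep only finds files that are already known to be bad, so a clean result here is not proof of a clean host; it tells you whether the trojanized files are present, while the version inventory tells you whether the update has actually been applied. Any match, or any Orion version older than the patched release, should move you straight into the investigation and remediation SolarWinds recommends.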

Helpful resources:

Solorigate Microsoft Resource Center

Protection from Solorigate with Microsoft 365 Defender

Advice for Incident Responders on Recovery

Customer Guidance on Cyber Attack

Azure AD workbook to help you assess Solorigate risk

SolarWinds Post-Compromise Hunting with Azure Sentinel

Microsoft 365 Security

The Microsoft 365 suite includes security products to help you elevate and modernize your security, manage risk, and meet compliance standards with the trusted Microsoft cloud. These are some of the key security capabilities:

  • Microsoft 365 uses Azure Active Directory to manage user identities behind the scenes. Enterprise plans include Azure AD, so you can connect your on-premises directory to Microsoft 365 to synchronize password hashes or set up single sign-on.
  • Microsoft 365 Enterprise E5 identity and access management features give you the intelligence to detect risky sign-in behavior and the ability to apply policies that limit or block access according to the rules you define.
  • Benefit from information protection and governance capabilities built in to Microsoft 365 apps and services, Power BI, Edge browser, Windows 10 devices, and more.
  • Configure and manage policies and view analytics across your on-premises environment, Microsoft 365 apps and services, third-party cloud services, and devices—all from a single console.
  • Accurately identify sensitive information across your enterprise with comprehensive classification capabilities, including machine learning.
  • Consistently extend protection and governance to popular third-party apps and services with SDK and connectors.
  • A widely cited University of Maryland honeypot study found internet-connected computers being attacked on average every 39 seconds, so you need trustworthy, tested protection for your digital environment. The Microsoft 365 collection of threat-protection technologies helps protect against, and provides visibility into, spam, malware, viruses, phishing attempts, malicious links, and other threats.
  • Get comprehensive endpoint protection with Microsoft Defender for Endpoint, which protects endpoints from cyber threats, detects advanced attacks and data breaches, automates the investigation and remediation of security incidents, and improves security posture.
  • Microsoft Defender for Office 365 helps protect against unknown, sophisticated attacks hidden in email attachments and links, and it provides cutting-edge defenses against zero-day threats, ransomware, and other advanced malware. Rich reporting lets you investigate why Microsoft Defender for Office 365 flagged a threat, and it gives you critical insights about users who are being targeted in your organization.
  • Identify high-risk and abnormal usage, security incidents, and evolving threats within your Microsoft 365 environment and set up detailed anomaly-detection policies and controls with Microsoft Cloud App Security. Gain enhanced visibility into your Microsoft 365 usage and uncover Shadow IT of cloud apps in your organization.
  • Microsoft Defender for Identity leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Microsoft Defender for Identity provides invaluable insights on identity configurations and suggested security best-practices to protect identities and reduce attack surface.
  • Monitor and manage security across your identities, data, devices, apps, and infrastructure in the Microsoft 365 security center. A single dashboard lets you easily view your security health and set configurations, plus get alerts for suspicious activity.
  • Microsoft Secure Score helps you understand your security position and offers recommendations on what controls to enable to protect your organization from threats. Plus, it allows you to benchmark your score against other organizations.
  • Get intuitive end-to-end compliance management from easy onboarding to control implementation.
  • Reduce risk with intelligent automation, including compliance score, control mapping, and continuous assessments.

MessageOps can help you find the right Microsoft 365 plan for your business needs and is available to support your Microsoft security requirements. Please contact us if you have any questions: [email protected] or 877-788-1617.
