The National Cyber Security Centre (NCSC) has published an advisory: ‘The rise of Office 365 compromise and how to mitigate’.
You can find a link to the paper here.
The document provides details of how credential compromise (username/password theft) can be a launch pad to carry out further compromise within an organisation.
The NCSC makes recommendations for mitigation, including:
- Configuration of Multi-Factor Authentication (MFA)
- Setting up Conditional Access with trusted locations/devices
- Log recording and auditing
For details of the Syntax real-time log file monitoring and analysis service, Cloud Threat Security, please click here.
For further reading please see our blog post, Anatomy of Credential Theft, which describes in detail the stages of compromise. Please click here.