The Cyber Threat Perspective cover image

The Cyber Threat Perspective

Episode 98: Current State of M365 Attacks: Initial Access

Jun 26, 2024
Explore the latest trends in attacks on Microsoft 365 environments. Discover how attackers use techniques like credential stuffing and brute-force attacks to compromise accounts. Learn about the risks of social engineering tactics targeting corporate systems, including man-in-the-middle attacks. Delve into the vulnerabilities of legacy authentication protocols and the challenges of app passwords. This discussion emphasizes the importance of robust security measures and conditional access policies to safeguard sensitive information.
27:01

Podcast summary created with Snipd AI

Quick takeaways

  • Credential stuffing highlights the risk of password reuse across platforms, emphasizing the need for robust password management and security policies.
  • Inconsistent Multi-Factor Authentication (MFA) implementation exposes vulnerabilities, necessitating stronger conditional access policies to enhance security.

Deep dives

Credential-Based Attacks Overview

Credential-based attacks are one of the most prevalent means through which attackers gain initial access to Microsoft 365 environments. Credential stuffing is a common tactic where attackers exploit old or leaked passwords from external sources, often unrelated to the targeted organizations, due to users' tendency to reuse passwords across various platforms. For example, breaches from unrelated applications can lead to compromised corporate accounts because employees frequently use the same credentials. This attack method highlights the importance of password management and security policies to mitigate the risk associated with credential reuse.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.
App store bannerPlay store banner

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode