“… comes to changing a tool’s defaults, Huntress analysts have observed adversaries to just … not do that. BEC prevention in Microsoft 365. Beyond detection technology, preventing BEC in Microsoft 365 requires strong access controls and identity security. Multi-factor authenticat…”
T1078.004 Cloud Accounts (64%)
“… user baselining to investigate this behavior, we can correlate the user’s authentication pattern: how often have they signed in from this territory in the world, how common is it they authenticate with rare user agents, maybe they’re a developer testing some stuff? Sav…”
T1566.002 Spearphishing Link (51%)
“… we have held onto the telemetry. Reporting business email compromise in Microsoft 365. From this one hypothesis-driven threat hunt, we issued a number of true positive reports advising our community members of business email compromise, and a suite of remediation strategies to e…”
T1078.004 Cloud Accounts (48%)
“… user agent came from (no points for guessing a Python package). The user agent comes from the Microsoft-blessed Python library here and has been associated with malicious activity reported by Alice Klimovitsky in May 2023. The user-agent/Python library is not malicious it…”
T1566.002 Spearphishing Link (46%)
“BEC threat hunting: how to detect Microsoft 365 compromises. We all have thoughts that keep us up at night. Will the ticking noise the car made end up being an expensive repair? When will YouTube superstar John Hammond respond to my posted fanfiction? And are there user agents in…”
T1526 Cloud Service Discovery (44%)
“… by honing in on anomalous user agents? On the hunt: how to detect BEC in Office 365. Knowing how to detect BEC in Office 365 starts with understanding what normal authentication looks like — and what doesn't. Installed across more than 2 million endpoints, and monitoring 50,00…”
T1078.004 Cloud Accounts (38%)
Summary
Can we use anomalous user agents to detect potential business email compromise (BEC) in Microsoft 365? Explore what we found through threat hunting for BEC.