Microsoft 365 Defender to protect customers against Solorigate attack
Recently, the world witnessed one of the most sophisticated cyberattacks in the tech world: Solorigate, a cyberattack that has been grabbing many security firms' attention in the past weeks.
Microsoft presents Microsoft 365 Defender as an effective way to protect against sophisticated attacks like Solorigate. Because Solorigate involves compromising both supply chain and cloud assets, Microsoft's research and response are an ongoing process.
Microsoft said that investigations and impact assessments are still going on. They're working on providing visibility into the attack chains and related threat intelligence.
In their recent blogs, they have said that the details and insights they have shared about the Solorigate attack can help organizations improve their defenses against it.
What we can learn from the Solorigate attack
The attack itself is complex and multi-staged. The attackers used advanced techniques across multiple environments and domains to compromise high-profile targets.
Below, according to Microsoft, are the stages of the Solorigate attack:
- First, they compromised a legitimate binary belonging to the SolarWinds Orion Platform via a supply-chain attack.
- After that, backdoor malware was deployed on devices running the compromised binary. It allowed the attackers to control the victims' devices remotely.
- Backdoor access on compromised devices helped them steal credentials and escalate privileges. They could then move laterally across on-premises environments to create SAML tokens.
- Finally, they accessed cloud resources, searching for accounts and exfiltrating emails.
Highly motivated bad actors conducted the Solorigate cyberattack. It is clear that they spared no resources to reach their goal. The attack shows how important it is to ensure strong security in each individual domain.
You also need a holistic understanding of the relationships between domains, and of how one compromised environment can affect another, to protect yourself against advanced cyberattacks.
How Microsoft 365 Defender can protect you from Solorigate-like attacks
Microsoft 365 Defender offers cybersecurity tools that you can use, depending on your licensing, to defend against various situations. Microsoft has said that Microsoft Defender for Endpoint can alert administrators after detecting backdoors on protected systems.
Because attackers use backdoors to carry out the attack, Microsoft 365 Defender provides layered protection to defend against Solorigate-like attacks. Also, if a device is compromised by any means, Microsoft 365 Defender can remotely prevent attackers from using its resources.
On endpoints, Microsoft Defender can detect suspicious access to LSASS (the Local Security Authority Subsystem Service, which holds credentials in memory), manipulation of running system processes, and attempts to access ADFS key material. Admins can also use Microsoft Defender to detect and diagnose the presence of Solorigate.
Though Microsoft says it isn't a complete solution against the cyberattack, it still offers options to defend against it.
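As an added illustration of the detections described above and of the attack stages listed earlier (backdoor, credential theft, on-premises SAML token creation), here is a small rule-based detector run over constructed endpoint telemetry. This is example code written for this article, not Microsoft's code and not how Microsoft 365 Defender is implemented; the event format, the LSASS allowlist, the ADFS key-material path markers and the SAML lifetime threshold are all assumptions made for the example.

```python
"""Rule-based detections over constructed endpoint telemetry (example code).

Three rules mirror the behaviours the article says Defender watches for:
  1. a process outside an allowlist opening a handle to lsass.exe,
  2. a file read that looks like ADFS token-signing key material,
  3. a SAML token with an abnormally long validity window.
All event shapes, names, paths and thresholds are assumptions for this example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Processes that legitimately open LSASS on a Windows host (assumed allowlist;
# tune it for your own environment).
LSASS_ALLOWLIST = {"msmpeng.exe", "csrss.exe", "wininit.exe", "services.exe"}

# Path fragments that mark ADFS key material in this example (constructed; the
# real location of the token-signing key depends on the ADFS deployment).
ADFS_KEY_MARKERS = ("adfs", "token-signing")

# A SAML token valid for longer than this is treated as suspicious (assumed).
MAX_SAML_LIFETIME = timedelta(hours=1)


@dataclass(frozen=True)
class Alert:
    rule: str
    host: str
    detail: str


def check_lsass_access(event: dict) -> Optional[Alert]:
    """Flag a process outside the allowlist opening a handle to lsass.exe."""
    if event.get("type") != "process_access":
        return None
    if event["target_process"].lower() != "lsass.exe":
        return None
    source = event["source_process"].lower()
    if source in LSASS_ALLOWLIST:
        return None
    return Alert("suspicious_lsass_access", event["host"],
                 f"{source} opened lsass.exe (access mask {event['access_mask']})")


def check_adfs_key_access(event: dict) -> Optional[Alert]:
    """Flag a file read whose path matches every ADFS key-material marker."""
    if event.get("type") != "file_read":
        return None
    path = event["path"].lower()
    if all(marker in path for marker in ADFS_KEY_MARKERS):
        return Alert("adfs_key_material_access", event["host"],
                     f"{event['process']} read {event['path']}")
    return None


def check_saml_token(event: dict) -> Optional[Alert]:
    """Flag a SAML token whose NotBefore/NotOnOrAfter window is too long."""
    if event.get("type") != "saml_token":
        return None
    not_before = datetime.fromisoformat(event["not_before"])
    not_on_or_after = datetime.fromisoformat(event["not_on_or_after"])
    lifetime = not_on_or_after - not_before
    if lifetime > MAX_SAML_LIFETIME:
        return Alert("anomalous_saml_lifetime", event["host"],
                     f"token for {event['subject']} valid for {lifetime}")
    return None


RULES = (check_lsass_access, check_adfs_key_access, check_saml_token)


def run_detections(events) -> list:
    """Apply every rule to every event and collect the alerts in event order."""
    alerts = []
    for event in events:
        for rule in RULES:
            alert = rule(event)
            if alert is not None:
                alerts.append(alert)
    return alerts


# Constructed sample telemetry: two benign events, one of each suspicious kind.
SAMPLE_EVENTS = [
    {"type": "process_access", "host": "ws01", "source_process": "MsMpEng.exe",
     "target_process": "lsass.exe", "access_mask": "0x1010"},
    {"type": "process_access", "host": "ws01", "source_process": "rundll32.exe",
     "target_process": "lsass.exe", "access_mask": "0x1fffff"},
    {"type": "file_read", "host": "adfs01", "process": "powershell.exe",
     "path": r"C:\ADFS\token-signing.pfx"},
    {"type": "file_read", "host": "adfs01", "process": "svchost.exe",
     "path": r"C:\Windows\System32\drivers\etc\hosts"},
    {"type": "saml_token", "host": "adfs01", "subject": "alice@example.com",
     "not_before": "2020-12-01T09:00:00", "not_on_or_after": "2020-12-01T10:00:00"},
    {"type": "saml_token", "host": "adfs01", "subject": "svc-backup@example.com",
     "not_before": "2020-12-01T09:00:00", "not_on_or_after": "2020-12-08T09:00:00"},
]

if __name__ == "__main__":
    for alert in run_detections(SAMPLE_EVENTS):
        print(f"[{alert.rule}] {alert.host}: {alert.detail}")
```

Run against the sample events, the detector raises exactly three alerts: the non-allowlisted handle to LSASS, the read of the assumed key file, and the week-long SAML token; the antivirus engine's LSASS access, the ordinary file read and the one-hour token pass silently. In a real deployment the allowlist and thresholds would be tuned from baseline telemetry, which is the part a product like Defender does for you.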
How to get Microsoft 365 Defender
If you're licensed for Microsoft security products, you either already have Microsoft 365 Defender or can get it. Eligible customers who visit the Microsoft 365 Cybersecurity center will get the features automatically.
Below are the licenses that give you access to Microsoft 365 Defender features in the security center at no extra cost:
- MS 365 E5 or A5
- MS 365 E5 Security or A5 Security
- Windows 10 Enterprise E5 or A5
- Enterprise Mobility + Security (EMS) E5 or A5
- Microsoft Cloud App Security
- Microsoft Defender for Identity
- Office 365 E5 or A5
- Microsoft Defender for Endpoint
- Microsoft Defender for Office 365 (Plan 2)