Email is one of the biggest threat vectors for companies of all sizes. Access to a user’s email account often grants access to a wide range of other company services and gives attackers an opportunity to steal company and customer data.
F-Secure Cloud Protection for Microsoft Office 365 provides effective protection against the most sophisticated phishing, malicious content, and targeted attacks. We are now launching a set of features that help companies secure their IT environment even better by detecting compromised company email accounts before criminals have a chance to use the stolen credentials.
Why is detecting breached accounts important?
A breached account is an easy way for the attacker to get into an organization and take maximum advantage by launching attacks such as internal phishing campaigns, ransomware attacks, or impersonation-based attacks. Attacks carried out using a breached account, such as phishing campaigns or impersonation, are hard to detect because they use a legitimate company user account.
The attacker typically gains access to more than the account owner’s email: a breached domain account can also be used to reach other domain systems, such as SharePoint and OneDrive, to exfiltrate important data and intellectual property. A breached admin account can open unlimited possibilities for the attacker to compromise other internal systems that the admin has access to, and all the users of these systems.
Detecting compromised accounts as soon as the breach information is available is the key to reclaiming those accounts by a password change or other security measures, such as multi-factor authentication, to avoid further exploitation of breached data.
How does it work?
F-Secure uses a third-party service to get information on breaches and compromised accounts in the wild. F-Secure Cloud Protection for Microsoft Office 365 uses this service to acquire breach information about the company accounts, providing accurate information on possibly breached email addresses in the domain. The information on breached accounts becomes available early in the breach timeline, giving the company admins precious time to validate the user identity and take action before the data becomes available to a broader criminal audience.
As soon as you deploy F-Secure Cloud Protection for Microsoft Office 365 to protect your organization’s Microsoft 365 domain, the product checks the available breach information for the protected email addresses in the domain, giving you an instant view of whether your company has compromised accounts in the wild. In addition, it provides information about the severity of the compromised accounts, based on the type of information that was compromised and whether those accounts are still exploitable.
The overview of the company shows the number of compromised accounts (if any) in the company.
Details of the breached account show information such as:
- Email account
- Whether the breached account can be easily found on the public internet or on the dark web
- Date of the breach
- Type of the password breached, e.g. plaintext or hash/encrypted (SHA1, MD5, 3DES, etc.)
- Time when the password was last changed, e.g. whether it has been changed since the breach happened