Cyber security and AI
How to improve your cyber security
ALERT: you need to improve your workplace cyber security. New, sophisticated AI-cyber threats are making it easier for malicious actors to attack businesses and online users. Carefully staged attacks provoke human error to bypass standard security measures. Once someone gains access to your email account, your mailbox rules are used to sneak into your Microsoft 365 cloud environment undetected. Scroll down to read about a real-life layered cyber attack.
To improve your office cyber security and keep your team working safely online, you need to act now and deepen your security to a new level of sensitivity.
Ask itro to protect your email account and Microsoft 365 cloud environment from hidden attacks with itro MDR (Manage Detect and Respond), part of MSSP itro’s Recommended IT Security Checklist. It’s a game-changer that works 24/7 to proactively protect your team, data and infrastructure against identified and unknown threats. Our solutions transfer the headaches of managing your cyber security to our team of engineers.
AI has changed cyber security
AI is changing security tools on both sides
Legitimate and malicious entities are using AI to increase the speed and sophistication of how they protect, or attack, online users. Standard security measures you could once rely on are not enough to keep your team working safely online.
Coordinated, layered attacks
Attacks are no longer one-dimensional. Hackers use layered attack tools and methods to undermine your security, which is why you need layered security solutions, and why your IT team needs to constantly evaluate the effectiveness and currency of your security tools.
Warning
To work safely online, you must constantly review the effectiveness of your security resources. Q: When was the last time your IT team reviewed your security? And when was the last time you actioned a recommendation? Failure to review or act on recommendations exposes your business to unnecessary risk!
When itro’s senior engineers recommend an update or new solution, it’s to address a security weakness or implement a better solution to protect your team, data and infrastructure. Please act on our advice ASAP to maximise and improve your office cyber security.
How good is your security?
Effective security comes from having a skilled team of engineers, layered security measures and acting on our recommendations.
For example, itro highly recommends the layered security of itro MFA and itro Mail Scan to protect your emails and online accounts.
itro Mail Scan protects by interrogating emails to ensure only legitimate, identified user accounts can send and receive emails across your mail domain.
itro MFA protects by alerting you to requests to access your online accounts or internet-published devices. If you get an alert, but you’re not the one making the request, deny access immediately! Any request not initiated by you tells you:
- Someone is maliciously trying to use your login credentials, or they have been stolen.
- You need to CHANGE YOUR PASSWORDS!
- You need to report suspicious requests immediately to itro support. We’ll take immediate remedial action to protect your compromised account.
However, no one security tool can protect you absolutely!
New layered AI-managed attack methods trigger user errors and circumvent email, online account and infrastructure security. The following is a real-life, recent example of a nasty attack.
Problem: A real-life layered cyber attack
Attack begins with an email
A new* threat was delivered through itro Mail Scan to a hardworking professional we’ll call ‘User-X’. (*NB Newly released threats have a short-term advantage over email scanners, initially able to slip past quarantine restrictions until they are identified as ‘malicious’.)
An email was sent to User-X with an embedded HTML link. In a perfect world, itro Mail Scan would have identified the email as suspicious and quarantined it. Unfortunately the new threat was not identified as malicious, and the email was released to User-X.
Redirected, and recorded
Likely distracted by their workload, User-X didn’t notice the poor quality of the email and clicked on its HTML link. The link redirected them to Microsoft’s legitimate M365 login page. However, it also uploaded a malicious script to User-X’s browser. As User-X typed in their Microsoft login credentials, the credentials were recorded and sent directly to the attacker.
SMS-generated MFA subverted
The attack next undermined User-X’s MFA using what is known as a ‘replay attack’. Code was used to take User-X’s SMS-generated MFA hostage. The SMS request was redirected to the attacker, who happily approved access to User-X’s M365 account.
Would you report an odd email?
Having slipped past two layers of IT security, the attack could now only be discovered if User-X reported their unease over an odd email experience. Unfortunately they didn’t, enabling the attacker to embed themselves within User-X’s M365 environment and create false accounts for malicious purposes.
Solution: itro MDR would have saved User-X
Deeper defence of your devices and infrastructure.
Should human error undermine your email defences, or unidentified threats slip past your MFA, itro MDR will alert our engineers to fix the problem – before you even know you have one! If User-X had acted on our recommendation to have itro MDR, it would have detected and flagged the unusual activity. This would have saved them and their company from what happened after their credentials were stolen. How?
Suspicious email rules and unusual activities in your M365 environment get reported
itro MDR monitors, detects and responds to known and unrecognised threats, 24/7. Had it been implemented, it would have instantly alerted itro that User-X’s stolen credentials were being used concurrently from two locations: the hacker’s address overseas and Melbourne. It would have also noticed and alerted itro to the suspicious creation of new Outlook rules in User-X’s Microsoft 365 environment.
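The two signals described above, shown as an added example (this is not itro MDR's logic or code from this page): sign-ins for one account from two different locations within a short window, followed by a new inbox rule on that account. The event schema, field names, operation names and the 30-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events in a simplified, hypothetical schema (not the real
# Microsoft 365 audit log format). Times are UTC; IPs are documentation ranges.
EVENTS = [
    {"time": "2024-05-06T01:02:00", "user": "user-x@example.com", "op": "SignIn",
     "ip": "203.0.113.10", "location": "Melbourne"},
    {"time": "2024-05-06T01:09:00", "user": "user-x@example.com", "op": "SignIn",
     "ip": "198.51.100.77", "location": "Overseas"},
    {"time": "2024-05-06T01:15:00", "user": "user-x@example.com", "op": "NewInboxRule",
     "ip": "198.51.100.77", "location": "Overseas"},
    {"time": "2024-05-06T02:00:00", "user": "user-y@example.com", "op": "SignIn",
     "ip": "203.0.113.25", "location": "Melbourne"},
    {"time": "2024-05-06T09:30:00", "user": "user-y@example.com", "op": "NewInboxRule",
     "ip": "203.0.113.25", "location": "Melbourne"},
]

WINDOW = timedelta(minutes=30)  # assumed threshold for "concurrent" use


def detect(events, window=WINDOW):
    """Return alerts for concurrent multi-location sign-ins and for inbox
    rules created on an account after such a sign-in was seen."""
    alerts = []
    sign_ins = {}   # user -> list of (time, location)
    flagged = set() # users with a concurrent-location alert
    for ev in sorted(events, key=lambda e: e["time"]):
        t = datetime.fromisoformat(ev["time"])
        user = ev["user"]
        if ev["op"] == "SignIn":
            for prev_t, prev_loc in sign_ins.get(user, []):
                # Same account, different place, too close together in time.
                if t - prev_t <= window and prev_loc != ev["location"]:
                    alerts.append(("concurrent_locations", user, prev_loc, ev["location"]))
                    flagged.add(user)
            sign_ins.setdefault(user, []).append((t, ev["location"]))
        elif ev["op"] == "NewInboxRule" and user in flagged:
            # A rule created on an already-suspect account needs review.
            alerts.append(("inbox_rule_on_flagged_account", user, ev["ip"], ev["location"]))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The second user's inbox rule is not flagged because it follows a single-location sign-in; only the account already showing concurrent use raises the rule alert.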
Full visibility to know exactly what, when and how to fix an attack
itro MDR gives our engineers new levels of visibility, so they can easily identify when an attack occurs and how it occurred (e.g. human error, third-party vulnerabilities, etc.), hunt down the attacker’s access point and fix the problem so it doesn’t happen again!
Improve your cyber security now
itro has a brilliant, friendly team of engineers and the tools you need to improve your office cyber security. For 24/7/365 protection for your devices and Microsoft 365 environment, we highly recommend you consider implementing one or both of our Manage Detect Respond solutions:
1. itro MDR for Endpoints: provides real-time protection and immediate response against unusual or unexpected changes to your devices.
2. itro MDR for M365: protects you against anomalous behaviour and ‘takeover attacks’ within your Microsoft 365 cloud environment.
Continuous Protection
Both solutions work 24/7/365 using AI tools driven by human engineers in itro’s Security Operations Centre (SOC).
Our senior Solutions Architect, Lucas, is happy to help answer any questions you have on itro MDR and the IT Security Checklist. Or use the links below to see our Managed Support Plans or Contact Us.