New M365 Business Email Compromise Attacks with Rclone
by Jamie Vendel, Samuel Smoker
When it comes to Microsoft Office 365 security, relying on a cybersecurity generalist is like a sailor using a compass to navigate safely through unknown waters and treacherous shoals. If you run O365 now, or are thinking of making the move, know that Kroll specialists work extensively within the O365 environment every day.
We investigate and solve problems for clients around the world, discovering new hazards and navigating known risks. You can rely on our cumulative and ever-expanding O365 security knowledge to help guide you in proactive ways to better safeguard data, especially as O365 continues to evolve, both in security offerings and option controls.
Kroll’s forensic specialists have spent years investigating O365 security incidents of all sizes, types and complexity. These include business phishing attacks, email compromises, insider threats, compromise of privileged accounts, SMTP relay attacks, etc.
Our experts’ unique experience not only informs Kroll’s robust forensic methodology, but also primes our approach with the agility to recognize and respond to new forms of cyberattacks.
Our investigations deliver actionable information by reconstructing a detailed timeline of a bad actor’s activity in your environment:
Kroll’s forensics methodology for O365 security incidents is structured and implemented in three broad phases. Each phase is customizable for your needs and goals. The team routinely works with counsel and cyber insurance providers, and can provide support remotely, onsite or in combination. Our findings ultimately also help with decision-making around notification efforts, including defensible communications to regulators.
Note: The following is a high-level overview of Kroll’s methodology. Contact Kroll for complete scope of activities.
Organizations that have deployed O365 are often unaware they can directly improve data security, including their ability to recover after an incident. Kroll offers practical guidance that focuses on the entire email kill chain, including O365 configuration, phishing prevention, workstation defenses and end-user awareness. Our goal is to provide you with a prioritized set of specific recommendations to help manage the email security program.
Goal: Identify material gaps or significant shortcomings in the organization's email security defenses.
Process: Kroll experts remotely review email security defenses with a focus on identifying proactive measures and controls.
Focus
Goal: Assess the secondary defensive measures in place to protect the organization against email-based attacks.
Process: Kroll experts conduct interviews with a cross-section of employees and functional areas.
Focus
Office 365 is continually introducing new features and retiring older capabilities. You can count on Kroll’s O365 security specialists to be there on the leading edge, able to guide you through challenges and harden security throughout the environment.
In fact, Kroll has you covered end-to-end when it comes to incident response, including our powerful CyberDetectER. Speak with one of our O365 security specialists today to learn about all our capabilities.
Kroll is ready to help, 24x7. Use the links on this page to explore our services further or speak to a Kroll expert today via our 24x7 cyber hotlines or our contact page.
Improve investigations and reduce your potential for litigation and fines with the strict chain-of-custody protocol our experts follow at every stage of the data collection process.
Kroll's computer forensics experts ensure that no digital evidence is overlooked and assist at any stage of an investigation or litigation, regardless of the number or location of data sources.
Fortify your defenses and maximize your technology investment with a Microsoft 365 security assessment from Kroll.
Kroll is the largest global IR provider with experienced responders who can handle the entire security incident lifecycle.
Kroll’s Malware Analysis and Reverse Engineering team draws from decades of private and public-sector experience, across all industries, to deliver actionable findings through in-depth technical analysis of benign and malicious code.
Our expertise allows us to identify and analyze the scope and intent of advanced persistent threats to launch a targeted and effective response.
In a business email compromise (BEC) attack, fast and decisive response can make a tremendous difference in limiting financial, reputational and litigation risk. With decades of experience investigating BEC scams across a variety of platforms and proprietary forensic tools, Kroll is your ultimate BEC response partner.