VMHOSTS NEWS

Hackers Find New Ways To Access Your Microsoft 365 Account

Hackers are constantly finding new ways to get into your data. A Russian state-sponsored threat actor, Cozy Bear, has created new tactics to slide into your Microsoft 365 accounts. 

Cozy Bear are using three techniques to execute and disguise these attacks:

  1. Disabling Purview Audit before engaging with a compromised email account
  2. Brute-forcing the passwords of Microsoft 365 accounts that are yet to enrol in multi-factor authentication
  3. Covering their tracks by using Azure Virtual Machines via compromised accounts, or by purchasing the server.

Purview Audit is a high-level security feature that logs when a person accesses an email account outside of the programme, so IT departments can keep control of all accounts and make sure there’s no unauthorised access.

However, Cozy Bear makes sure to disable these features before accessing any of your emails. By doing this, they are also abusing the self-enrolment process for multi-factor authentication (MFA) in Azure Active Directory. When users try to log in for the first time, they first need to enable MFA on the account.

Threat actors have found a way to work around this component by brute-forcing accounts that are yet to enrol in the advanced cybersecurity feature. They can then complete the enrolment in the victim’s place, which grants non-stop access to the target organisation’s VPN infrastructure and, through it, puts the entire network and its endpoints at risk.
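One way a defender could look for the pattern described above, written as an added example that is not part of the original article or any Microsoft tooling. The event records, field names and event labels are constructed for illustration and do not follow a real Microsoft 365 log schema.

```python
from datetime import datetime, timedelta

def _ev(ts, user, event, ip):
    return {"time": datetime.fromisoformat(ts), "user": user, "event": event, "ip": ip}

# Constructed sample events (illustrative field and event names, documentation IPs).
SAMPLE_EVENTS = (
    # Burst of failed sign-ins against an account that never enrolled in MFA.
    [_ev(f"2024-01-10T02:0{i}:00", "dormant.user", "signin_failed", "203.0.113.50")
     for i in range(6)]
    + [
        _ev("2024-01-10T02:07:00", "dormant.user", "signin_success", "203.0.113.50"),
        _ev("2024-01-10T02:09:00", "dormant.user", "mfa_registered", "203.0.113.50"),
        _ev("2024-01-10T02:15:00", "dormant.user", "audit_disabled", "203.0.113.50"),
        # New starter enrolling normally: one mistyped password, then enrolment.
        _ev("2024-01-10T09:00:00", "new.starter", "signin_failed", "198.51.100.20"),
        _ev("2024-01-10T09:01:00", "new.starter", "signin_success", "198.51.100.20"),
        _ev("2024-01-10T09:03:00", "new.starter", "mfa_registered", "198.51.100.20"),
    ]
)

def find_suspicious_enrolments(events, min_failures=5, window=timedelta(hours=1)):
    """Return {user: [reasons]} for MFA enrolments that follow a burst of failed
    sign-ins from the same IP, and for any event that disables audit logging."""
    findings = {}
    events = sorted(events, key=lambda e: e["time"])
    for e in events:
        if e["event"] == "audit_disabled":
            findings.setdefault(e["user"], []).append("audit logging disabled")
        elif e["event"] == "mfa_registered":
            # Same user, same source IP, inside the look-back window.
            recent = [p for p in events
                      if p["user"] == e["user"] and p["ip"] == e["ip"]
                      and timedelta(0) <= e["time"] - p["time"] <= window]
            failures = sum(p["event"] == "signin_failed" for p in recent)
            if failures >= min_failures:
                findings.setdefault(e["user"], []).append(
                    f"MFA enrolled after {failures} failed sign-ins from {e['ip']}")
    return findings

if __name__ == "__main__":
    for user, reasons in find_suspicious_enrolments(SAMPLE_EVENTS).items():
        print(user, "->", "; ".join(reasons))
```

The threshold and window are starting values to tune against normal enrolment behaviour in your own tenant.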

Azure’s virtual machines already hold Microsoft IP addresses, and Microsoft 365 runs on Azure, so Cozy Bear can further hide its Azure AD activity by blending regular Application Address URLs with malicious activity. Luckily for you guys, the team at VMhosts are here to help you before this happens.

At VMhosts we can manage your BackUp Services, IT management and Recovery, so you don’t have to. If you want to have a conversation about how to improve your IT security, get in touch today.
