Azure/Microsoft 365 malicious activity detection tool released by CISA
A PowerShell-based tool that helps detect potentially compromised applications and accounts in Azure/Microsoft 365 environments has been released by the Cybersecurity and Infrastructure Security Agency (CISA). Microsoft has revealed how stolen credentials and access tokens are actively being used by threat actors to target Azure customers.
CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment. The tool is intended for use by incident responders and is narrowly focused on activity that is common to the recent identity- and authentication-based attacks seen in several sectors.
Working of CISA’s Tool:
The PowerShell-based tool, created by CISA’s Cloud Forensics team and named Sparrow, can be used to narrow down larger sets of investigation modules. Sparrow checks the unified Azure/M365 audit log for indicators of compromise (IoCs), lists Azure AD domains, and checks Azure service principals and their Microsoft Graph API permissions to discover potentially malicious activity.
CrowdStrike Releases Free Azure Security Tool:
Cybersecurity firm CrowdStrike released a detection tool after investigating a failed hack that it was warned about by Microsoft. A Microsoft Azure reseller's account had tried to read the company’s email using compromised Azure credentials.
After analysing its internal and production environments following the SolarWinds breach, CrowdStrike also said last week that it found no evidence of being affected by the supply-chain attack.
In a second investigation that followed Microsoft's alert, while CrowdStrike was looking for IOCs associated with the SolarWinds hackers in its environment, CrowdStrike also found that Azure’s administrative tools were particularly challenging to use.
To get an easier overview of Azure environments and of what privileges are assigned to third-party resellers and partners, CrowdStrike released the free CrowdStrike Reporting Tool (CRT).