Project Counsel Media
19 August 2019 (Zurich, Switzerland) — One of the first conversations we ever had about dealing with the growing challenge of unstructured data and its governance was 5 years ago with a team from Varonis, the security software company. That relationship would build as we had the opportunity to meet some of their R&D team at DLD Tel Aviv, the annual mega tech innovation festival in Israel (Varonis has its R&D division headquarters in Herzliya, Israel). We learned … as we all have … that unstructured data will present a large security risk to companies of all sizes. They had developed an Unstructured Data Risk Assessment program before anybody had even begun to scope out the problem.
The relationship would grow as we had the opportunity to receive hands-on cyber security training from their cyber incident response team.
And as we all have learned, Office 365 SharePoint has had serious security breaches. Cyber attacks on/via 365 have been ramping up as more and more corporations and law firms adopt 365. Varonis has seen an uptick in adversaries using a very tricky man-in-the-middle attack to bypass Microsoft’s multi-factor authentication (MFA) safeguards.
Here’s an outline of how the attack works:
• Varonis tricked a user into entering creds into its fake O365 login page (made with evilginx)
• They make Microsoft send a passcode to the user’s phone
• The user enters their passcode on the Varonis fake page
• Varonis hijacks the user’s session token
• They gain access to the SharePoint Online environment
• They exfiltrate data from O365
• They pivot to on-prem and steal CEO’s emails (because … well, why not?)
Varonis has the full attack scenario play out on an on-demand video demo. Their security analyst, Ryan O’Boyle, gives a brief tour of Varonis for Office 365, executes the attack, and shows you how to use DatAlert to detect and respond.
To watch just click here.
