Microsoft To Add 'Nation-State Activity Alerts' To Defender for Office 365

Microsoft is working on adding a new security alert to the dashboard of Microsoft Defender for Office 365 (formerly Office 365 Advanced Threat Protection) that will notify companies when their employees are being targeted by nation-state threat actors. From a report: The feature was added on Saturday to the Microsoft 365 roadmap website. The idea behind the feature is not new. Since 2016, Microsoft began tracking nation-state hacking groups and the attacks they orchestrate against Microsoft email accounts. If a user is targeted or compromised in one of these attacks, Microsoft sends them an email about the attack, along with basic advice they need to take to re-secure their inbox and devices. Microsoft said in 2019 that it usually notifies around 10,000 users per year of nation-state attacks. But the problem with this notification procedure is that it relies on users reading their email and taking action, which doesn't always happen. Users don't read their emails daily, or it might sometimes take hours before the user reaches the notification in crowded inboxes, a time during which attackers could use to steal sensitive documents. For organizations who are customers of Microsoft's Office 365 service, the OS maker now plans to add these notifications inside the dashboard of Microsoft Defender for Office 365, the cloud-based security platform that scans a company's Office 365 accounts for threats.

Wow I truly depend on Microsoft to protect

[oldgraybeard]

me from those nasty nation states messing with O365. Oh wait I don't use any Microsoft products does that mean I am not protected. Or maybe not threatened ;)

Re:

[jellomizer]

It may mean that you are may not be protected.
This isn't as much of an attack on a Microsoft product via a flaw in its product, but more to the fact that your business, organization or individual may be targeted.
I work in healthcare, we get this crap all the time. We would be getting this stuff if we used Office 365 or if we hosted our email internally, with say a Linux based Email server.

For emails especially though. It is a big job to keep your email system running clean and blocking a lot of crap. That

Re:

[rtb61]

They are pushing a FEAR device, a marketing tool to make you afraid all of the time. HORROR you are being attacked by Boris and Natasha from the KGB, vote for war and buy our security software and services.

How many false alarms will there be, as many as it is profitable to do so. Although they are directly marketing their software as secure but they will work around it, they will blame you for your security failure.

Just being M$ mega fear selling dicks.

Re:

[kot-begemot-uk]

Their security response team is first class. I worked with some of them around the time when the threats switched from viruses to the Internet in the 1990es and most of those people are still around and still active.

So, as far as security response I would trust them more than the Google clown show and the CERT teams in some of the other big companies.

Security response != Security. Two different ball games. Security response means dealing with an actual incident, not having secure code, secure infrastruc

So,

[rotorbudd]

Do they consider U.S. inelegance agencies as a "Nation State"?

Re:

[oldgraybeard]

Don't know about them, but I do! They are called the Deep State after all! And no one knows who they are working for.

Re:

[sg_oneill]

Nobody calls it "The Deep State" outside of paranoid conspiracy theorists. Theres no secret government, or shadowy cabal of spooky men in black trying to *check notes* uh build underground mole children cities, or however the fuck that loopy Q thing goes.

Three letter agency

[Malifescent]

Does this include spying activity from the Three Letter Agencies in the U.S.?

I'd rather doubt it.

If you know it's nation state activity, BLOCK IT!

[TheNameOfNick]

$RUSSIA is trying to exfiltrate data. Allow/Deny?