The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space.  In today’s episode with Yvonne Bernard – CTO at Hornetsecurity, we are analyzing data from the month of August 2023. 

During the episode, Andy and Yvonne explore the overall threat trends including:  

• The most common malicious file types used to deliver payloads, with HTML files taking the lead 

• The decline of malicious PDF and archive files, likely due to the disruption of Qakbot.  

• The industries that were most targeted over the past month as well as some brands that cybercriminals are impersonating in phishing attacks. 

• The impact of the FBI’s disruption of Qakbot. 

• The Storm-0558 breach. 

• A French government agency and a software vendor in the gaming space both had breaches that accounted for the PII of roughly 14 million individuals being stolen by threat actors. 

Timestamps:

(3:22) – General threat trends for this month’s data period 

(7:11) – What were the most used file types used for malicious payloads during the data period? 

(10:10) – What are the most targeted industries for this data period? 

(12:04) – The most impersonated brands from this month’s report 

(16:52) – Commentary on the FBI’s disruption of the Qakbot Botnet 

(22:54) – An update on the Microsoft Storm-0558 breach 

(33:46) – Data breaches account for 14 million lost records 

Episode Resources:

Full Monthly Threat Report – September 2023

EP07: A Discussion and Analysis of Qakbot 

Security Awareness Service

Andy on LinkedIn, Twitter, Mastadon 

Yvonne on LinkedIn 

Paul Schnackenburg joins Andy in this episode to discuss the recent rebranding of Azure AD to Microsoft Entra ID, as well as talk about some new identity features in the Microsoft Cloud. To kick things off, they provide a brief overview of what Microsoft Entra ID (previously known as Azure AD) is/was and its crucial role in the Microsoft Cloud ecosystem.

Amidst the changes, Andy and Paul emphasize a critical point: IT professionals and security experts primarily care about understanding a platform’s functionality, features, and ability to solve real-world problems. The name may change, but the core value remains the same.

Timestamps:

2:03 – Azure AD is Now Microsoft Entra ID

9:35 – Relevant Acronyms for the Identity Space

13:49 – Entra Internet Access

21:28 – Entra Private Access

26:44 – M365 / Entra ID Tenant Restrictions

30:23 – How Do These Features Factor Into the Storm-0558 Breach?

Episode resources:

Hornetsecurity 365 Total Protection

Podcast episode: Licensing Security Features in M365

Microsoft Entra ID

Azure Active Directory Domain Services

Find Andy on LinkedIn, Twitter or Mastadon

Find Paul on LinkedIn or Twitter

As cybersecurity professionals, MSSPs, and security vendors, we often get mired down in the weeds of the “tech” involved in the job and frequently struggle to convey the value of said technology to the C-Suite. With that said, we’re deviating from our regularly scheduled programming this week to bring you something of a “soft-skills” episode to address this key point.  

This week we’re excited to bring you the business and C-Suite knowledge of our very own Hornetsecurity Chief Operating Officer, Daniel Blank for a discussion on how you can get your leadership team to see value in technology, put priority on security, and ultimately sell cybersecurity to the C-Suite. Hope you enjoy! 

Timestamps:

2:23 – Conveying the Value of Cybersecurity to Leadership without Using the Fear Angle 

15:50 – Compliance and Similar Issues Often Drives C-Suite Attention 

26:05 – An Example – What Would Daniel Look for When Having to Make a C-Suite Decision? 

Episode Resources:

365 Total Protection 

Email Encryption 

Andy on LinkedIn, Twitter or Mastodon 

Daniel on LinkedIn 

In today’s episode, Andy and Umut are unravelling the transformative impact of AI in cybersecurity defense. Discover how AI empowers defenders with enhanced knowledge of setting up robust defense mechanisms, from firewalls to anomaly detection systems. Amidst the prevailing focus on AI’s darker aspects, this episode illuminates its positive role in the security space, equipping blue teams to match wits with increasingly intelligent adversaries. Our hosts, Andy and Umut, both distinguished members of the Security Lab at Hornetsecurity, will provide expert insights into how Hornetsecurity’s suite of products leverages AI to display a concrete example in the industry. 

Join us as we shift the narrative from AI’s potential for malicious use to how defensive toolsets and security experts are harnessing its power.  

Timestamps: 

3:12 – How has AI changed the threat landscape? 

6:10 – How can AI help blue teams? 

16:08 – An example of AI used defensively in a software stack 

26:24 – What advancements in AI in the security space are we likely to see in the future? 

Episode Resources:

EP08: Advanced Threat Protection: A Must Have in Today’s Ecosystem?

EP03: The Reemergence of Emotet and Why Botnets Continue to Return

Advanced Threat Protection

Security Awareness Service

OpenAI Cybersecurity Grant Program

AI can steal data by listening to keystrokes with 95% accuracy

Andy on LinkedIn, Twitter or Mastodon 

Umut on LinkedIn 

In today’s episode we have Eric Siron, Microsoft MVP, joining Andy for a discussion on the debated topic of On-Prem Security versus Cloud Security from a security standpoint. The digital landscape has transformed, raising questions about securing multiple cloud services, APIs, and the scattered user base. We explore how defenses have evolved and although default protections have strengthened, attack vectors have grown smarter with the growth of ransomware. Join us as we dissect these changes and their impact on modern security paradigms in an era where protection and adaptation are paramount. 

Disclaimer: This episode was recorded just before news of the Microsoft breach hit the headlines. Thus, while some of the perspectives may seem momentarily misaligned due to the unfolding events, the core insights and conclusions drawn remain the same.  

Timestamps:

3:50 – What is the current state of on-premises infrastructure in terms of security?  

12:37 – How does compliance factor into on-premises security? 

21:12 – Is Infrastructure in the cloud more secure? 

33:12 – Is “The Cloud” or “On-Premises” more secure? 

Episode Resources:

Monthly Threat Report – August 2023 

Andy and Paul Discuss M365 Security

Andy and Paul Discuss the Difficulty of Licensing Security Features in M365

Hornetsecurity Ransomware Survey Findings

The Backup Bible

Hornetsecurity’s Security Awareness Service

Information on Recent SEC Announcement

The Monthly Threat Report by Hornetsecurity brings you monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. Every month, Andy will be hosting an episode to dive into the key takeaways from the report. 

In today’s episode, Andy and Umut will be sharing a threat overview based on data from the Security Lab throughout July 2023. From the changing tactics in email attacks, to new brand impersonations and the impact of dark-web generative AI (Artificial Intelligence) tools like WormGPT, we will equip you with the right information to help you stay ahead of these new emerging threats.  

Episode Resources:

Monthly Threat Report – August 2023 

EP 01 – We Used ChatGPT to Create Ransomware

Andy on LinkedIn, Twitter or Mastodon 

Umut on LinkedIn 

In today’s episode, Andy has a special guest from our product development team at Hornetsecurity – Jean Paul (JP) Callus. The episode goes into an insightful discussion on how threats have morphed over the years. Andy and Jean Paul recount the days when backup primarily served as a safety net against accidental data loss and hardware failures. Fast forward to today, and backups have become a key weapon in the fight against ransomware and other sophisticated attacks. 

Tune in to discover the power of modern backups in the ever-evolving world of cybersecurity and how organizations can establish seamless data protection measures, ensuring minimal data loss and downtime in the face of cyber threats. 

Timestamps:

(2:16) – Ransomware continues to drive backup and recovery decisions.

(10:10) – How has the industry traditionally mitigated ransomware and how are things done now? 

(14:13) – Revisiting the 3-2-1 backup strategy and adding an extra “1” 

(16:10) – Cloud backups and WORM (Write Once Read Many) states. 

(19:10) – What other backup technologies play a role in security? 

(23:43) – Deduplication, Immutability, and Backup 

Episode resources:

Podcast EP01: We Used ChatGPT to Create Ransomware

Podcast EP05: What is Immutability and Why Do Ransomware Gangs Hate it?

Hornetsecurity Ransomware Attack Survey

VM Backup V9

The Backup Bible 

Find Andy on LinkedIn, Twitter or Mastadon

Find Jean Paul on LinkedIn

This SysAdmin Day, win with Hornetsecurity! 

If you are a System/IT Admin and use Hyper-V or VMware, celebrate with us by signing up & trialling VM Backup V9 for a chance to win a Pixel Tablet! Find out more information here. 

Join us for an insightful discussion on the topic of licensing Microsoft 365 security features. Microsoft Certified Trainer, Paul Schnackenburg, joins us once again to share his valuable insights on how M365 licensing practices have evolved and why they’ve become so complex. 

In this episode Andy and Paul look at all the different ways native security features in M365 are licensed, what challenges come along with that process, how the process is confusing and more! This includes some discussion around how M365 licensing in general is flawed as well as how third-party software vendors help plug-in and do what they can to simplify this mess. 

Timestamps:

2:22 – O365 licensing vs M365 licensing 

5:06 – Is the complexity in M365 licensing deliberate? 

7:09 – Licensing and security with M365 business 

13:30 – Licensing and security in the M365 Enterprise SKUs 

19:30 – What about the EMS Suite? 

21:42 – What are E5 Compliance and E5 Security? 

28:05 – How can a 3rd party vendor help make licensing security features easier? 

Episode Resources:

SysAdmin Dojo Podcast Episode on General M365 Licensing 

Andy and Paul’s M365 Compliance Webinar

Defender for Endpoint

Hornetsecurity Services

Find Andy on LinkedIn, Twitter or Mastadon

Find Paul on LinkedIn or Twitter

We’re back for another episode with Philip Galea, R&D Manager at Hornetsecurity. In today’s episode, Andy and Philip discuss the frustrations and challenges IT admins face when managing permissions and sharing effectively in SharePoint Online.

As more organizations embrace remote work, collaborate with external freelancers, and rely on tools like Microsoft Teams and emails for sharing files, the need to manage permissions has become crucial. Tune in to this episode to learn about the complexities of SharePoint and discover ways to regain control over your access management.

Timestamps:

4:44 – The problems with managing permissions in SharePoint Online

8:34 – The ease of file sharing in M365 has created a problem.

11:16 – Have SharePoint security capabilities just been “lifted and shifted” to the cloud?

14:43 – The egregious problem with duplicate named SharePoint custom roles.

23:32 – What should M365 admins be doing about this problem?

27:10 – Behind the scenes with M365 Permission Manager by Hornetsecurity

Episode Resources:

365 Permission Manager

Introducing 365 Permission Manager – Webinar

Find Andy on LinkedIn, Twitter or Mastadon

Find Philip on LinkedIn

As more organizations embrace remote work and collaboration with external freelancers, handling permissions becomes increasingly critical.

With the reliance on tools like Microsoft Teams and emails for file sharing, the complexities of SharePoint Online have become evident. Therefore, we at Hornetsecurity offer a proper solution to this permissions management nightmare: 365 Permission Manager.

365 Permission Manager is the ultimate savior, providing a seamless approach to permissions management in SharePoint Online. Most notable features:

Simplify Managing Permissions at Scale

Gain a comprehensive overview of your organization’s M365 permissions for SharePoint, OneDrive, and Microsoft Teams. Use advanced filtering to quickly identify accessible items for external users or guests and detect broken permissions. Transparently view users’ effective access rights by breaking down nested groups.

Take Back Control with Compliance Policies

Ensure SharePoint, Teams, and OneDrive data compliance with our GRC service. Implement out-of-the-box best practice policies or create custom ones. Immediate notifications alert site owners to violations, allowing timely intervention.

Receive Alerts for Critical Shares

Stay informed with daily summaries of permission changes across your M365 tenant. Identify newly shared items with “Everyone,” anonymous users, or external guests.

Take Quick Actions

Fix permissions on multiple sites, manage external sharing access levels, and remove indirect company-wide access. Easily remove orphaned user permissions with a single click.

Achieve Effective Compliance With Our GRC Service

Use the Audit function to approve or reject compliance violations by reverting sites to assigned policies or removing unauthorized access.

Receive Comprehensive Reporting

Generate reports for documentation and compliance, highlighting externally accessible files and access details for specific groups or users across sites, files, and folders.

Join host Andy and special guest Martin Tanner from ADM Computing as they discuss real-life security horror stories. This fun and engaging episode was recorded live at Infosecurity Europe in London. Expect to hear interesting stories which both Andy and Martin have experienced first-hand. 

With a mix of humor and valuable insights, this episode is a must-listen for anyone interested in the fascinating, and at times terrifying, world of real-life security horror stories. 

Timestamps: 

2:28 – The Dangers of Unmanaged IOT devices 

5:30 – Hacked Video Conferencing Unit and Premium Rate Numbers 

8:18 – Email Forwarding Rules and Data Leakage 

11:59 – The Need for Proper Backup and Archival + Scheduled Payment Woes 

15:40 – Rogue Admin and Embezzlement 

18:17 – A Flattened Network and Ransomware Infection 

22:16 – The Publicly Accessible Hypervisor 

Episode Resources:

Security Awareness Service

Email Encryption from Hornetsecurity

Email Encryption Fact Sheet

Find Andy on LinkedIn, Twitter or Mastadon

Find Martin on LinkedIn