Microsoft to add 'nation-state activity alerts' to Defender for Office 365
Microsoft is working on adding a new security alert to the dashboard of Microsoft Defender for Office 365 (formerly Office 365 Advanced Threat Protection) that will notify companies when their employees are being targeted by nation-state threat actors.
The feature was added on Saturday to the Microsoft 365 roadmap website.
The idea behind the feature is not new. Since 2016, Microsoft began tracking nation-state hacking groups and the attacks they orchestrate against Microsoft email accounts.
If a user is targeted or compromised in one of these attacks, Microsoft sends them an email about the attack, along with basic advice they need to take to re-secure their inbox and devices.
Microsoft said in 2019 that it usually notifies around 10,000 users per year of nation-state attacks.
But the problem with this notification procedure is that it relies on users reading their email and taking action, which doesn't always happen. Users don't read their emails daily, or it might sometimes take hours before the user reaches the notification in crowded inboxes, a time during which attackers could use to steal sensitive documents.
For organizations who are customers of Microsoft's Office 365 service, the OS maker now plans to add these notifications inside the dashboard of Microsoft Defender for Office 365, the cloud-based security platform that scans a company's Office 365 accounts for threats.
This way, the notification will also appear for system administrators and security teams, who can act on it right away by calling the affected employees personally, resetting email account passwords, resetting other internal passwords, or by initiating a broader security audit.
The OS maker expects to have this feature ready by the end of the month.
Besides Microsoft, which does this for Microsoft Outlook email accounts, similar alerts for nation-state attacks are also available for Yahoo accounts, public Gmail accounts, and G Suite accounts. Facebook also warns users of nation-state attacks against its social media accounts.