Microsoft to add alerts for nation-state attackers to Defender

Microsoft is in the process of adding a new security alert to the dashboard of Microsoft Defender for Office 365 (formerly referred to as Office 365 Advanced Threat Protection). It will notify companies when employees are targeted by known nation-state threat actors.

The feature was first added on Saturday to the Microsoft 365 roadmap website. The idea behind this feature is not a new one and can be traced back to as early as 2016, when Microsoft started tracking nation-state hacking groups and the attacks conducted against Microsoft email accounts.

If a user is targeted or compromised by such attacks, Microsoft sends them an email about the attack and the basic actions to take to re-secure their account.

It started a while back

Microsoft said in 2019 that it usually notifies around 10,000 users every year of nation-state attacks. There is a problem with this notification procedure, though: it relies on users to read their emails and take action, which is not what most people do.

Users might not read their emails every day, and it might take hours before they reach the notification in a crowded inbox.

Such precious time could be used by the attackers to steal sensitive information and make an exit before anyone notices.

A more effective approach

For organizations that use Microsoft’s Office 365 services, the plan is to add the notifications inside the dashboard of Microsoft Defender for Office 365 (the cloud-based security platform that scans a company’s accounts for threats).

The notification will appear on sysadmins’ and security teams’ devices. This will allow them to act immediately by calling the affected account holder personally and resetting passwords, among other preventive actions.

The software giant is expected to have the feature ready by the end of this month.