Well, nice try, Russia. In the spirit of Atlanta Hawks great Dikembe Mutombo, Microsoft denied the Russian-sponsored hacking group APT28, also known as Strontium or Fancy Bear. The group has received extensive coverage recently because of its direct ties to the 2016 Presidential Election. This time, however, its attempts were not successful.
According to the Washington Post coverage, this group created several sites in the last 2-4 months mimicking the Hudson Institute (a conservative Washington think tank active in investigations of corruption in Russia), the International Republican Institute (IRI), several fake entities claiming affiliation with the Senate, and one of Microsoft’s own online products. Of the six sites, four contained Microsoft-related verbiage in their domain names, such as "sharepoint", "adfs", "office365", and "onedrive".
The purpose of these sites was to direct traffic to malicious locations where unsuspecting visitors would pick up various forms of malware. In other cases, the site would solicit the visitor to submit information that could later be used for future attacks or coordinated manipulation efforts.
After Microsoft’s Digital Crimes Unit (DCU) detected the beginnings of a malicious campaign, Microsoft used a previously successful tactic: obtaining court-ordered access to the domains so it could transfer them to its own servers, research them, and shelve them. It's a move committed to muscle memory, as they've had to execute it against 84 sites (run by APT28) prior.
David Tell of the Hudson Institute, one of the victims, remarked, “This kind of stuff does happen. It’s happened to us before,” and “It doesn’t surprise me that bad actors in nondemocratic states would want to mess with us.”
It's Happened to Us Before
Due to the repeated attempts on political institutions and organizations involved in the political process, Microsoft has decided to openly offer up their security services to these organizations at a discounted rate: free.
Here's an excerpt from Microsoft's release:
"We are expanding Microsoft’s Defending Democracy Program with a new initiative called Microsoft AccountGuard. This initiative will provide state-of-the-art cybersecurity protection at no extra cost to all candidates and campaign offices at the federal, state and local level, as well as think tanks and political organizations we now believe are under attack. The technology is free of charge to candidates, campaigns and related political institutions using Office 365."
If you drill down into what is being offered, essentially all of the security features and benefits of Office 365 GCC are being offered free of charge. For example, Microsoft Threat Intelligence Center is included and enables Microsoft to detect and provide notification of attacks in a unified way across both organizational and sensitive email/data systems.
It's Happened to You Before
Microsoft has recently reported that it detects 180,000,000-200,000,000 phishing emails each month. This includes emails with malicious links and attachments, domain spoofs, user impersonation, and links to fake SaaS apps. It has also estimated that 20% of small to medium-sized businesses have been attacked with ransomware or through brute force methods. It is no surprise that the number is higher for government contractors: over 50%.
All businesses face security threats on premises and in the cloud, and truly the only way to keep up with threats and stay competitive is by coming to the cloud, where Azure and Office 365 Security teams can help you.
Microsoft has 3500+ security professionals who work tirelessly to make sure customers of all business types maintain a secure cloud infrastructure. Additionally, Microsoft spends over $1 billion per year on security research and development to stay ahead of attacks and attackers. Azure provides additional tools for you to leverage to protect your resources on the platform.
The Political Process is Important, but So is Defending It... The Importance for Government Contractors
You will be attacked, and in all likelihood you already have been. With the Government trending toward heavier enforcement and changes in the contract award process, it is imperative to protect the Government's data and your contracts. The same foundational security practices that identified this coordinated attack will prevent attacks on your business.
Office 365 and Azure can be configured to meet DFARS 7012 and NIST 800-171. The other options cannot.
Don't wait. Begin the process now by looking at your licensing options. You can also download the updated licensing guide to compare certain features and offerings across the Microsoft Office 365 and Azure portfolio.