Cybereason Labs Research: A New Persistent Attack Methodology Targeting Microsoft OWA
Cybereason Labs Senior Researcher Yoav Orot together with Cybereason CTO and Co-Founder Yonatan Striem-Amit published today their analysis of a real and unique APT technique that was recently detected by the Cybereason platform in one of our customer’s environments.
The victim, a Cybereason POC customer, suspected that it had an infected server due to several behavioral abnormalities spotted by its security team. The company reached out to Cybereason which deployed the Cybereason platform across the customer’s entire environment of 19,000 endpoints.
Within several hours, the Cybereason platform detected a unique attack. The attack targeted Microsoft Outlook Web Application (OWA), an internet-facing webmail server in a way that enabled the attackers to record authentication credentials and be provided with complete backdoor capabilities to the victim’s environment. By using this approach, the hackers managed to collect and retain ownership over a large set of credentials, allowing them to maintain persistent control over the organization’s environment.
Read the research report to find out:
This case clearly demonstrates the ability of Cybereason to detect complex cyber-attacks that use new-to-the-world attack techniques. To learn how Cybereason can help your organization detect and respond to APTs, schedule a demo today.