New Cyberattack Pattern and Resource!
The FBI has released a flash message about a new cyberattack pattern. Bad actors try to attach apps and APIs to Microsoft 365 accounts, to maintain access even after a compromise is "fixed" by changing passwords and flushing sessions.
A similar technique is being applied to Salesforce, ServiceNow, and other online SaaS resources—steal the credentials and then use the stolen credentials to build a backdoor trust relationship, to maintain access and exfiltrate data.
We need to be MUCH more careful with even a single compromised user account.
The K12 Security Information Exchange (K12 SIX) has created a checklist to go through if you encounter a compromised account.
Ensure you go through this full checklist when you encounter a compromised account, even if you have multi-factor authentication enabled:
Checklist: Mitigating Compromised K-12 Google Workspace/Microsoft 365 For Education Accounts
K12 SIX is the only national non-profit organization solely dedicated to protecting the U.S. K-12 community—including school districts, charter schools, private schools, and regional and state education agencies—from emerging cybersecurity threats. WSIPC has been a member of K12 SIX since January 2023.
Thanks to K12 SIX for maintaining this invaluable public resource!
WSIPC is a non-profit public agency that provides technology solutions, services, and support to K-12 schools. WSIPC’s purpose is to help schools do more with every dollar and to empower them with the tools to work smarter. To learn how your district can become part of the WSIPC Cooperative, contact us at info@wsipc.org or 425.349.6600.
WSIPC. Inspired by education. Empowered by technology.™