Reply to post: Already exploited

White-listing Azure cloud connections to grease your Office 365 wheels? About that...

Anonymous Coward
Anonymous Coward

Already exploited

A few months ago someone tried a day zero spearfishing attack against our systems.

They hacked a trusted third party contractor that used azure and office365. Generated a new subdomain in their name under azure und hosted malware.

Then they used the office365 contact list to send some of our users genuine looking emails with links to the new nasties (in most cases replys to requests).

They breached two defense layers and one internal user clicked. The other defense layers did prevent any access to the nasties. An no, we do not trust office365 or azure domains more than we can throw them.

MS enterprise shills are constantly trying to move us off premise. The last presentation had our data protection officer and our legal compliance office leaving the room laughing like the BOFH after the second ambulance.

Lessening the defense for MS clouds? If you do it, then rember: Down, not across when you try to end the misery.

Anon, because

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon