As more and more organizations move their operations to the cloud, there has been an increasing concern about the security of their data. In particular, Microsoft cloud services have become a popular target for hackers looking to exploit vulnerabilities and gain access to sensitive information. To combat this threat, the Cybersecurity and Infrastructure Security Agency (CISA) recently unveiled a new tool designed to detect hacking activity in Microsoft cloud services. In this article, we’ll explore the capabilities of this tool, how it can help organizations protect themselves from cyber attacks, and what steps you can take to improve your own cloud security.
A new open-source incident response tool has been released by the U.S. Cybersecurity & Infrastructure Security Agency (CISA) to help detect signs of malicious activity in Microsoft cloud environments. Developed in collaboration with Sandia, a U.S. Department of Energy national laboratory, the tool is known as the ‘Untitled Goose Tool’ and uses Python to dump telemetry information from Azure Active Directory, Microsoft Azure, and Microsoft 365 environments. The tool is a flexible hunt and incident response utility that offers novel authentication and data gathering methods to enable a full investigation against a customer’s cloud environments. Additionally, the tool gathers extra telemetry from Microsoft Defender for Endpoint (MDE) and Defender for Internet of Things (IoT) (D4IoT). CISA has provided a cross-platform Microsoft cloud interrogation and analysis tool that allows security experts and network admins to review AAD sign-in and audit logs, M365 unified audit log (UAL), Azure activity logs, Microsoft Defender for IoT alerts, and Microsoft Defender for Endpoint data for suspicious activity. Furthermore, it allows them to query, export, and investigate AAD, M365, and Azure configurations and to perform time bounding of the UAL and extract data within those time bounds. Finally, the tool enables users to collect and review data using similar time-bounding capabilities for MDE data. CISA has also released other tools to help protect against cyber threats, including ‘Decider’ to help defenders generate MITRE ATT&CK mapping reports, Ransomware Readiness Assessment for its Cyber Security Evaluation Tool (CSET), and guidance to prevent data breaches resulting from ransomware attacks for private sector and government organizations.
In conclusion, the new CISA tool could be a game-changer in the world of cloud computing. With more companies relying on Microsoft cloud services, there is a higher risk of cyberattacks. The new tool detects these attacks in real-time and enables organizations to take immediate actions to prevent any further damage. This tool is a great addition to the existing security measures and offers an extra layer of protection to the users. With security threats becoming more sophisticated, it’s essential to stay vigilant and constantly update security measures to stay ahead of the risk. CISA’s new tool is a step in the right direction towards a more secure cloud environment.
