A joint cybersecurity advisory from the Cybersecurity and Infrastructure Security Agency and the FBI is urging critical infrastructure organizations to enhance their monitoring of suspicious activities in the Microsoft Exchange Online environment.
The CSA lists logging recommendations that organizations can implement to build up their cybersecurity defenses and improve the detection of anomalous activities in the cloud-based messaging platform, CISA said Wednesday.
According to the advisory, a federal civilian executive branch has identified and reported suspicious activity in its Microsoft 365 audit log to CISA and Microsoft.
The technology company’s network defenders discovered that advanced persistent threat actors accessed unclassified Exchange Online Outlook data. To prevent a similar incident, CISA and FBI recommended that FCEB agencies and critical infrastructure operators ensure that audit logging is enabled in their Microsoft Exchange Online environments.
