By Suhaas Kodagali – Director, Product Management
October 28, 2024 4 Minute Read
In recent incidents, the Black Basta ransomware group has been using Microsoft Teams chat messages as a deceptive communication channel with targeted users. In a new wave of ransomware attacks, the Black Basta group, whose members have infiltrated corporate networks through phishing, malware botnets, and social engineering, is now using Microsoft Teams to gain access to an organization’s corporate data.
The group is commonly known to use emails posing as IT help desk staff to offer assistance and then trick employees into granting access by providing credentials or installing remote access tools. Now, they are posing as IT help desk personnel in Microsoft Teams, using external user accounts with deceptive names such as “Help Desk”. By adding users to chats with external accounts from fraudulent Entra ID tenants, attackers have posed as support, admin, or help-desk staff, using misleading display names to trick users into believing they are interacting with legitimate help-desk representatives.
This event is a stark reminder of how collaboration tools, while essential to modern workflows, can also expose sensitive data to cyber threats, especially when guest or external users are involved. Leveraging a Cloud Access Security Broker (CASB) solution with advanced Data Loss Prevention (DLP) capabilities can help mitigate these risks by identifying and removing sensitive content in unauthorized interactions, ultimately strengthening enterprise data security against targeted ransomware attacks. Here’s how CASB-driven DLP policies can help identify and remove sensitive content across Microsoft Teams, SharePoint, and OneDrive, creating a safer environment for enterprise collaboration.
Key Skyhigh CASB Capabilities for Microsoft Teams Data Security
With Skyhigh CASB, organizations gain granular control over the sensitive content shared in their Microsoft Teams environment as well as the way it is collaborated on. Security administrators can define Data Loss Prevention (DLP) policies to identify and remove sensitive data shared with unauthorized users. They can also enforce policies around sharing with external users and revoke access for external users as required, so they can mitigate risks associated with malicious actors or inadvertent data sharing.
Skyhigh CASB integrates seamlessly with Microsoft Teams, SharePoint, and OneDrive to monitor and enforce DLP and collaboration controls across all relevant channels, including Teams channels, OneDrive files, and SharePoint sites. Security admins can use Skyhigh to enforce collaboration controls at multiple levels:
- Domain-based sharing control
External collaboration, while it poses its risks, can be a valuable productivity tool for working with contractors and partners. Skyhigh customers use domain-based sharing controls to restrict sharing to specific domains that the security team has approved as authorized partners, vendors, or contractors. So, if an employee attempts to invite an external user who is not part of this pre-approved list to a Teams conversation, Skyhigh will revoke this sharing request.
- Block sensitive data sharing with an external user in a Teams channel
Security admins can use Skyhigh’s controls to block sharing of sensitive data with external users. When a user shares sensitive data in a Teams channel that has an external user, Skyhigh detects the presence of sensitive data, flags that the channel has users from outside the company, and revokes sharing of this data. The same control can be applied at a user level as well: when an external user is added to a Teams channel that contains sensitive data, Skyhigh can revoke access for the external user. By allowing security admins to combine collaboration-based and content-based controls in a single policy, Skyhigh gives security teams granular control over collaboration and content sharing on Teams and other Office apps.
- Revoke unauthorized collaboration retroactively
Skyhigh’s controls over content and collaboration are enforced in near-real time, ensuring high levels of data security for customers. However, Skyhigh also gives customers the option of enforcing these controls retroactively using on-demand scans. This is useful when a new Skyhigh customer wants to ensure their Teams deployment aligns with the company’s security policies. They can execute their content and collaboration policies en masse over all the Teams channels and chats and apply the required remediations where policies have been violated. This helps customers ensure complete protection for sensitive data within Teams and other Office apps.
- Advanced data protection policies on Teams
When applying content-based controls on data shared via Teams, Skyhigh provides customers with the most comprehensive and granular controls in the industry. Besides the standard out-of-the-box classifications for common data types, Skyhigh gives customers access to advanced data protection controls, including structured and unstructured fingerprinting and OCR capabilities. So, if a customer attempts to exfiltrate customer data in the form of a screenshot, Skyhigh can detect the presence of customer data from an existing structured data fingerprint within an image and block the sharing of this file.
- Collaboration controls across Office applications
The content and collaboration controls have been discussed mostly in the context of Microsoft Teams because it was the exfiltration method used by the Black Basta group. But Skyhigh’s collaboration and content controls can be applied across all Office apps, including Microsoft SharePoint, OneDrive, and Exchange. Security teams rarely look to apply controls on only one application. They typically define the controls and extend them across all apps that contain sensitive corporate data. So, Skyhigh has designed the same collaboration controls to apply to unauthorized sharing of data whether it is in a Teams channel, a SharePoint site, a OneDrive file, or an email sent via Microsoft Exchange.
Setting Up DLP Policies for Effective Microsoft Teams Security
To configure the DLP policies that protect Microsoft Teams environments, administrators can follow these steps:
- Define the specific types of sensitive data (e.g., credit card numbers, social security numbers) that require monitoring.
- Define rules around collaboration and define authorized external collaborators.
- Apply content and collaboration policies across Teams, SharePoint, and OneDrive instances for comprehensive data coverage.
- Regularly review and update policies to align with evolving security requirements, new data types, and collaborators.
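
The steps above, combined with the domain-based sharing and external-user controls described earlier, can be expressed as one policy evaluation that checks collaborators and content together. This is an added example, not Skyhigh's code or API; the domains, event fields, and action names are hypothetical.

```python
import re

# All values below are constructed for illustration, not taken from any product.
INTERNAL_DOMAIN = "corp.example"
APPROVED_DOMAINS = {"partner.example", "vendor.example"}  # security-team allowlist

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

def luhn_ok(digits):
    """Luhn checksum, used to cut false positives on long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text):
    """Return the set of sensitive data types present in a message."""
    found = set()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            found.add("credit_card")
    if SSN_RE.search(text):
        found.add("ssn")
    return found

def domain(address):
    return address.rsplit("@", 1)[-1].lower()

def evaluate(event):
    """Apply collaboration and content rules together; return remediation actions."""
    externals = [m for m in event["members"] if domain(m) != INTERNAL_DOMAIN]
    actions = [("revoke_member", m) for m in externals
               if domain(m) not in APPROVED_DOMAINS]
    types = classify(event.get("text", ""))
    if types and externals:     # sensitive content visible to any external member
        actions.append(("remove_message", ",".join(sorted(types))))
    return actions

# Constructed sample events: a chat with an unapproved external "help desk" account,
# and a channel shared with an approved partner.
SAMPLE_EVENTS = [
    {"members": ["alice@corp.example", "helpdesk@it-support.example"],
     "text": "My card is 4111 1111 1111 1111"},
    {"members": ["alice@corp.example", "bob@partner.example"],
     "text": "Meeting moved to 3pm"},
]
```

Sensitive content in a channel with an approved partner is still removed, while the same content in an internal-only channel produces no action.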
Strengthen Your Security Posture Against Ransomware Threats
The Black Basta ransomware attack on Microsoft Teams underlines the need for robust data governance and security in enterprise collaboration tools. With Skyhigh CASB, organizations can confidently manage sensitive information, minimize the risk of exposure to unauthorized users, and stay ahead of evolving cyber threats.
Skyhigh CASB is your trusted partner in protecting data across your Microsoft Teams environment, helping you secure sensitive information from ransomware groups and other malicious actors.