New tools to secure democracy become available ahead of 2020 elections

In recent months, we’ve worked closely with political campaigns and parties who are protected by our AccountGuard threat notification service and conducted hundreds of security trainings ahead of the 2020 elections. We’ve heard one repeated request throughout these engagements: Those involved in the democratic process want more protection for what we call identity management, or the ability for their staff to securely log into their accounts and access their email and files while preventing unwanted intrusions. Greater security in this area would help prevent the “hack-and-leak” scenario where cybercriminals or foreign governments steal a campaign official’s emails and release them online.

Starting today, we’re bringing Microsoft’s enterprise-grade identity and access management protections to AccountGuard members in the U.S. at no cost to further help secure them ahead of the 2020 elections. We’re also announcing a new partnership with Yubico to provide phishing-resistant security keys to AccountGuard customers. For political campaigns and committees, these services will be offered through Defending Digital Campaigns, a non-profit and non-partisan organization that has been authorized by the Federal Elections Commission to provide campaigns with free or low-cost technology from a variety of companies. Our Defending Democracy Program will also work directly with democracy-focused non-profit organizations and think tanks enrolled in AccountGuard to help them use these protections.

We’ll offer a range of identity and access management protections as part of this. Five examples, which we believe benefit all campaigns, are:

Multi-factor authentication: While all Microsoft business and consumer email services support multi-factor authentication, what we’re announcing today contains extra protection against phishing for those using this important feature. Customers can now use the Authenticator app on their phones or hardware keys from Yubico as another factor for identity protection.

Single sign-on: This feature enables one set of credentials to be used securely across hundreds of cloud apps, making it easier for a staffer or campaign official to access the apps they need with a high level of security but also more quickly and easily.

Conditional access policies: This is the ability for a campaign to help ensure only the right people are logging into their network by setting conditions such as the behavior people can use to navigate to their accounts, where they are physically located, what kinds of devices they might be using and what applications they might be using.

Privileged identity management (PIM): This includes security features enabling campaigns to manage, control and monitor access to important resources in the organization. PIM will provide time-based and approval-based authorization to access certain resources and lessen the risk of excessive, unnecessary and misused access permissions to sensitive resources.

Access governance: Campaigns have vendors, staffers and volunteers who come and go, and this set of features helps automatically terminate access when they depart an organization or complete a project, shrinking the number of entry points for a hacker.

Our new partnership with Yubico, the recognized industry leader in physical security keys, will provide YubiKeys to AccountGuard customers for defense against phishing and other cyberattacks. Yubico will provide 10 YubiKey 5 Series security keys, to be used on compatible computers or phones, to any AccountGuard-covered organizations for free, for a limited time, plus up to an additional 40 keys at a 50% discount.

We know that many political campaigns do not have dedicated IT support staff, and today’s news comes with hands-on help for those that need it. Deployment assistance for the technologies in today’s news will be provided to AccountGuard customers as an included benefit through our FastTrack program or through our FastTrack-ready partners. A dedicated team of deployment engineers will be available to help provide remote assistance and guidance, and Microsoft partner Patriot Consulting Technology Group will offer additional onboarding support, integration and trainings.

Any AccountGuard-eligible customer can learn more about enrolling in AccountGuard or taking advantage of the tools announced today by contacting [email protected]. While we’re offering this to U.S.-based AccountGuard customers ahead of the 2020 U.S. election, we will explore offering it in other geographies in the future.

Microsoft makes AccountGuard service available at no cost to protect healthcare and human rights organizations from cyberattacks

We’re deeply concerned about cyberattacks impacting workers on the front lines of the COVID-19 fight. News reports have shown recent criminal or nation-state attacks targeting Brno University Hospital in the Czech Republic, Paris’ hospital system, the computer systems of Spain’s hospitals, hospitals in Thailand, medical clinics in the U.S. state of Texas, a healthcare agency in the U.S. state of Illinois and even international bodies such as the World Health Organization. Our teams at Microsoft have also detected and responded to attacks targeting the healthcare sector in many countries, and we know they are coming from criminals and multiple nation-states. In addition, our threat intelligence teams have identified nation-state attacks against human rights organizations around the world for some time, both prior to and during the COVID-19 pandemic.

That’s why, starting today, we’re making our AccountGuard threat notification service available at no cost to healthcare providers on the front lines as well as human rights and humanitarian organizations around the world. Healthcare organizations can sign up here, and human rights and humanitarian organizations can sign up here.

Every patient deserves the best possible healthcare treatment, and we all need to thank and applaud the truly heroic work by those risking their own health to help those who are sick. Their work is challenging enough but is being made more difficult by cyberattacks, now or in the future. Some attacks, such as the one on Brno University Hospital, have resulted in delays in COVID-19 testing, new patients being turned away and treatments being postponed. Others, such as the attack in Illinois, have held up access to critical COVID-19-related healthcare guidance.

Nearly all these attacks have two things in common: a person and email. An attacker will often disguise malicious content as a message from a health authority or medical equipment provider. These emails sent to work or home inboxes seek to obtain the person’s credentials and often contain documents or links that will infect a computer and spread the infection through a network, enabling attackers to control it. In some cases, attackers could be looking for COVID-19-related intelligence, or to disrupt the provision of desperately needed care or supplies. With today’s announcement, we are seeking to notify customers when we see attacks and provide guidance to help.

Microsoft AccountGuard, which we first offered to political campaigns through our Defending Democracy Program, monitors nation-state threat actors targeting enterprise mailboxes and the personal email accounts of employees or volunteers who opt in. This gives our threat intelligence teams a broad view of the avenues attackers typically use. When we see such activity targeting an organization enrolled in AccountGuard, we notify them immediately so they can take steps to stop an attack or root out the attacker. AccountGuard has previously been available to political campaigns, parties, members of the U.S. Congress and democracy-focused non-profits. Nearly 100,000 email accounts in 29 countries are enrolled in AccountGuard and we’ve made 1,450 threat notifications to those participating.

Through today’s announcement, we’re making AccountGuard available to healthcare providers including hospitals, care facilities, clinics, labs and clinicians providing front line services as well as pharmaceutical, life sciences and medical devices companies that are researching, developing and manufacturing COVID-19-related treatments. Our notifications will help these organizations defend against nation-state attacks, and our AccountGuard advice and training support will help them harden their defenses against all forms of cyberattacks. AccountGuard for Healthcare will be available until the COVID-19 pandemic subsides.

In addition to making AccountGuard available to those working directly in the healthcare field, another important part of today’s announcement is the availability of AccountGuard for worldwide human rights and humanitarian organizations. Today, nearly every human rights or humanitarian organization is focused on protecting the rights of people impacted by COVID-19 whether it’s supporting hospitals in conflict zones, amplifying the voices of medical professionals, helping to ensure elections are conducted safely in new ways or helping children who are out of school. In many instances, nation-states and cyber criminals use attacks to gain intelligence on these organizations and the people who these groups protect, or to disrupt their work.

While cybersecurity threats are not new to human rights defenders, these groups have been increasingly under attack, even before the pandemic arose. In the past year, the Microsoft Threat Intelligence Center, or MSTIC, has tracked five separate nation-state activity groups that have attempted nearly nine hundred times to target or compromise hundreds of accounts belonging to employees of nine prominent human rights organizations around the world. Protecting these organizations has never been more important.

Leading human rights and humanitarian organizations including Amnesty International, CyberPeace Institute, Freedom House, Human Rights Watch and Physicians for Human Rights have already registered for our AccountGuard threat notification service through an initial pilot.

Both AccountGuard for Healthcare and AccountGuard for Human Rights Organizations will initially be available to organizations in the 29 countries where we already offer AccountGuard, subject to review of local laws and regulations, and we will be adding new countries based on need and local law. AccountGuard is available to organizations using Office 365 for business email and extends additional security to the personal accounts of their front line workers who use Microsoft’s consumer email services such as Outlook.com and Hotmail.

Whether you’re a front line worker or not, it’s always important to make sure you trust the sender of an email before you open it, that you look out for misspellings or slight inaccuracies in emails that may offer clues of an untrustworthy message, and that you know you trust a URL before you click on it. We’ve published more on protecting yourself from COVID-19-related phishing attacks here. Today’s news is in addition to the work we’ve already announced to track and prevent cyberthreats targeting healthcare organizations and our announcement yesterday on providing non-profits working on the COVID-19 response with greater access to technology.

Microsoft expands AccountGuard to 12 more countries in Europe to help combat cyberattacks

Soon millions of Europeans will head to the polls to cast their ballots in the European Parliament elections, as well as several key national elections. We believe it’s critical that organizations underpinning the democratic process have access to state-of-the-art cybersecurity protection as we’ve seen and continue to see efforts by nation-states and others to influence elections in democracies around the world including in Europe. Today we’re announcing the expansion of Microsoft AccountGuard to twelve new markets across Europe, providing comprehensive threat detection and notification to eligible organizations at no additional cost and customized help to secure their systems.

Continued cyberattacks against European organizations

We all saw hacking and disinformation attacks on the French presidential election in 2017, and European leaders have recently warned that attacks will continue across Europe in 2019. At Microsoft, we’ve seen recent activity targeting democratic institutions in Europe as part of the work our Threat Intelligence Center (MSTIC) and Digital Crimes Unit (DCU) carry out every day to protect all of our customers.

These attacks are not limited to campaigns themselves but often extend to think tanks and non-profit organizations working on topics related to democracy, electoral integrity, and public policy and that are often in contact with government officials. For example, Microsoft has recently detected attacks targeting employees of the German Council on Foreign Relations, The Aspen Institutes in Europe and The German Marshall Fund.

The attacks against these organizations, which we’re disclosing with their permission, targeted 104 accounts belonging to organization employees located in Belgium, France, Germany, Poland, Romania, and Serbia. MSTIC continues to investigate the sources of these attacks, but we are confident that many of them originated from a group we call Strontium. The attacks occurred between September and December 2018. We quickly notified each of these organizations when we discovered they were targeted so they could take steps to secure their systems, and we took a variety of technical measures to protect customers from these attacks.

Consistent with campaigns against similar U.S.-based institutions, attackers in most cases create malicious URLs and spoofed email addresses that look legitimate. These spearphishing campaigns aim to gain access to employee credentials and deliver malware.

The attacks we’ve seen recently, coupled with others we discussed last year, suggest an ongoing effort to target democratic organizations. They validate the warnings from European leaders about the threat level we should expect to see in Europe this year.

Expanding Microsoft AccountGuard offering

We’re making Microsoft AccountGuard available starting today in twelve more European markets: France, Germany, Sweden, Denmark, Netherlands, Finland, Estonia, Latvia, Lithuania, Portugal, Slovakia, and Spain. The service is already available in the U.S., Canada, Ireland, and the UK – bringing the total number of European countries with access to the service to fourteen. The markets for which we’re announcing AccountGuard today represent places where we’ve been able to expedite the work needed to offer AccountGuard quickly, and we plan to expand AccountGuard to additional markets in Europe in coming months.

Microsoft AccountGuard, which is part of our Defending Democracy Program, is a state-of-the-art cybersecurity service available at no extra cost to all political candidates, parties, and campaign offices operating at a local or national level. It is also available to think tanks, non-profits, and nongovernmental organizations working on issues related to democracy and electoral integrity. Microsoft AccountGuard is offered free-of-charge to organizations using Office 365.

The service provides notification of cyber threats, including attacks by known nation-state actors, across both email systems run by organizations and the personal accounts of these organizations’ leaders and staff. Eligible organizations can invite selected staff and other associates to enroll, and notification will only occur with the consent of the account owner. Organizations can get protection for external individuals helping with a campaign, board members of non-profit organizations, or volunteers. When we detect threats, we will work directly with participating organizations to notify them and help them secure their systems.

AccountGuard also provides covered organizations guidance to help make their networks and email systems more secure. This can include applying multi-factor authentication, installing the latest security updates, and guidance for setting up systems that ensure only those people who need data and documents can access them. AccountGuard also provides briefings and training to address evolving cyberattack trends as well as preview releases of new security features on a par with the services offered to our large corporate and government account customers.

To register for the service or to learn more, click here. You can find more information about Microsoft AccountGuard in my previous blog post. While AccountGuard is currently available for the campaign accounts of elected officials, we hope in the near future to offer it for government-run accounts, like official accounts of the European Parliament.

Protecting the birthplace of democracy

Europe is regarded as the ‘birthplace of democracy’. It was here that the principles of representative democracy were laid down – principles that have since been replicated across the globe. However, as the ongoing attacks demonstrate, this idea is increasingly under threat.

We believe the work of organizations like The German Marshall Fund and its Alliance for Securing Democracy is an essential part of efforts to secure democracies against those who seek to undermine them. Many organizations essential to democracy do not have the resources or expertise to defend themselves against cyberattacks. That is why we believe that technology providers have a responsibility to help. Microsoft AccountGuard offers additional security measures tailored to how these organizations operate. However, we recognize that we cannot solve this problem alone. That is why we are committed to continue working with local, national, and regional authorities as well as our industry peers to help protect democratic processes.

Microsoft expands AccountGuard defending democracy program to UK

By Hugh Milward, Microsoft UK Director, Corporate External & Legal Affairs

Today, we’re taking another important step forward in protecting democracy with the launch of Microsoft AccountGuard for the UK, part of our Defending Democracy Program and an expansion of AccountGuard for the US, announced in August.

We work with governments and other customers around the world daily to help them take steps to strengthen their security, and concerns have been raised about possible interference in elections. We have seen foreign entities attempting to carry out cyberattacks and attempting to undermine trust in the democratic process.

Effective immediately, Microsoft AccountGuard is open to all candidates running for office; the campaign organisations of all elected politicians; political parties; technology vendors who primarily serve campaigns and committees; and certain charity and non-governmental organisations, such as bodies that organise the electoral process, involved in the democratic process.

Microsoft announced AccountGuard for the US in August

The service will provide notification about cyberthreats, including attacks by known nation-state actors, in a unified way across both email systems run by eligible organisations and the personal accounts of these organisations’ leaders and staff. It will also offer ongoing security guidance and education and provide early adopter opportunities for security features.

The technology is free of charge to eligible organisations using Office 365 and is designed to protect organisations that underpin democracy from cyberattacks. Interested organisations can visit www.microsoft.com/accountguard to learn more.

As we’ve said before, we know that Microsoft can’t solve this challenge alone, and as we continue to expand the program, we’ll look for opportunities to work with others across government, civil society and industry.
