Detecting Compromised Accounts that Log In from Malicious IP Addresses
Compromised accounts are now detected if they log in from an IP address known to Check Point as malicious.
BEC attacks have become more sophisticated and attackers are more proficient in hiding their trails when acting on behalf of an account they took control of.
Harmony Email & Collaboration now introduces a new method of detecting compromised accounts based on the IP address from which they logged into Microsoft 365.
Users logging into Microsoft 365 from IPs we detected as sources of phishing emails or from any one of the IP addresses known to Check Point as malicious, will be flagged as compromised (Critical Anomaly).
If you already enabled automatic blocking of compromised accounts, these users will also be blocked automatically.
If you haven’t, you should consider it.