Microsoft is adding a new feature to Microsoft Defender for Office 365 that will better alert customers to a suspected nation-state attack.
As first reported by ZDNet, the company is adding an alert to the security portal that will notify customers when nation-state activity is detected in their environment. The feature was added to the company’s Microsoft 365 product roadmap last week.
According to the roadmap, the feature is expected to be generally available this month.
“Nation state threats are defined as cyber threat activity that originates in a particular country with the apparent intent of furthering national interests. These attacks represent some of the most advanced and persistent threat activity Microsoft tracks.
“The Microsoft Threat Intelligence Center follows these threats, builds comprehensive profiles of the activity, and works closely with all Microsoft security teams to implement detections and mitigations to protect our customers. We’re adding an alert to the security portal to alert customers when suspected nation-state activity is detected in the tenant.”
The update is noteworthy as it comes amid a recent flurry of nation-state attacks, highlighted by the massive compromise of the SolarWinds Orion platform by the Russian government and a smaller one suspected to be the doing of Chinese hackers.
In July 2019, Microsoft’s Vice President of Customer Security & Trust, Tom Burt, wrote in a blog post that the company had in the last year notified nearly 10,000 customers that they were the target of a nation-state attack.
“About 84% of these attacks targeted our enterprise customers, and about 16% targeted consumer personal email accounts. While many of these attacks are unrelated to the democratic process, this data demonstrates the significant extent to which nation-states continue to rely on cyberattacks as a tool to gain intelligence, influence geopolitics or achieve other objectives.”
It’s unclear exactly how long Defender has been notifying users of nation-state attacks, but a December 2015 blog post vaguely says that the company began 2016 by alerting users of nation-state attacks.