In an interesting update and as a direct response to the SolarWinds cyberattack, Microsoft is set to add a new nation-state hacking activity warning to Microsoft 365. The warnings will alert users to any potential threats stemming from a nation-state attacker, giving users time to react to the threat.
Microsoft Introduces Nation-State Threat Notifications
Microsoft Defender for Office 365 (formerly known as Office 365 Advanced Threat Protection) will display a notification informing enterprise users that a suspected nation-state threat attack is interfering with its workspace.
These attacks represent some of the most advanced and persistent threat activity Microsoft tracks. The Microsoft Threat Intelligence Center follows these threats, builds comprehensive profiles of the activity, and works closely with all Microsoft security teams to implement detections and mitigations to protect our customers.
Microsoft already notifies thousands of users per year that a nation-state threat actor could be interfering with their network. However, at the moment, alerts are sent via email.
If the Microsoft Defender for Office 365 user doesn’t check their email on the day, they might miss an important notification. Although Defender for Office 365 is primarily an enterprise product, important notifications still slip through the gaps.
The new notifications will appear within the Microsoft Defender for Office 365 dashboard. It will stand a much higher chance of being seen by network administrators, security teams, management personnel, and so on.
Microsoft added the “Potential Nation-State Activity Alerts” to the Office 365 Roadmap on February 6, 2021, and expects the feature to complete the rollout by the end of the month.
What Is a Nation-State Attack?
A nation-state attack is considered one of the most dangerous types of cyberattacks, such is the depth of knowledge and range of resources available to the threat actor.
The recent SolarWinds cyberattack is strongly suspected to be a nation-state attack, such was the level of expertise required to infiltrate such high-level networks. The attack, known as a supply chain hack, compromised multiple targets after remaining dormant in the victim’s networks for months.
But despite how dangerous a nation-state attack sounds and appears, the majority of the time, regular users like you and I are not the targets. Devoting such substantial resources to attacking regular citizens isn’t worthwhile as there are much easier ways to access their data.
As such, nation-state threats usually attack much larger targets such as government offices, major tech companies, national infrastructure, and so on.