locked
Detect compromised sender RRS feed

  • Question

  • Hello I am currently working with my company Microsoft Office 365 with Exchange. So long story short:

    One of our user's email was compromised this morning and start sending out spam emails with malware to every user in their contact. When I checked the email flow, it had sent out 300+ emails without Microsoft's security detecting it. Luckily we contained and dealt with it. The account was compromised the night before because it received 20-30 emails of the same types.

    The question is: Is there a way to detect unusual traffic / mail flow for an email in our server? Say if one email usually send out 10-20 emails a day but then suddenly send out 300+ emails in 1 hour, then Microsoft will alert the admin.

    Thanks,

    Thursday, September 28, 2017 9:39 PM

Answers

  • Hello,

    Firstly, this is a forum for discussing Microsoft Advanced Threat Analytics only. MATA is an on-premise platform which helps protect your enterprise from multiple types of advanced targeted cyber attacks and insider threats.

    Although MATA can't detect unusual mail traffic, it can help detect Malicious attacks in advance.

    More details about Microsoft Advanced Threat Analytics, please read the following article.

    https://docs.microsoft.com/en-us/advanced-threat-analytics/what-is-ata

    Best regards,

    Andy Liu


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, September 29, 2017 9:58 AM