Microsoft Azure was recognized by Compuware as the fastest “cloud” platform. Azure Security Center helps to identify and investigate real attacks. A publication describes an attack that used PowerShell to run malicious code and collect user credentials.
In this article, Greg Cottingham walks through a real attack that was discovered by Azure Security Center. In this attack, PowerShell was used to run malicious code in memory to collect credentials by stealing passwords, logging keystrokes, clearing the clipboard, and capturing the screen. The case study shows how the attack unfolded and offers recommendations on detecting and preventing similar attacks in your environment.
The article concludes with recommended steps for recovery and for mitigating the consequences.