Malwarebytes reported that SolarWinds hackers accessed its internal emails using the same intrusion vector they used in other attacks. The attack sequence suggests that the attacker tricked an end user into authorizing a third-party site to share authentication via OAuth. Adding multi-factor authentication will not prevent these attacks. You need to add policies for reviewing for certain activities and anomaly actions. The attacks are typically made to mimic the branding of the target company so that users are less suspicious. The user is then prompted with screen that grants limited access to the resources.”]