
Microsoft: How ‘zero trust’ can protect against sophisticated hacking attacks

January 21, 2021

The variety of techniques used by the SolarWinds hackers was sophisticated yet in many ways also ordinary and preventable, according to Microsoft. 

To prevent future attacks of similar levels of sophistication, Microsoft is recommending organizations adopt a “zero trust mentality”, which disavows the assumption that everything inside an IT network is safe. That is, organizations should assume breach and explicitly verify the security of user accounts, endpoint devices, the network and other resources. 

As Microsoft’s director of identity security, Alex Weinert, notes in a blog post, the three main attack vectors were compromised user accounts, compromised vendor accounts, and compromised vendor software.

Thousands of companies were affected by the SolarWinds breach, disclosed in mid-December. The hackers, known as UNC2452/Dark Halo, targeted the build environment for SolarWinds’ Orion software, tampering with the process when a program is compiled from source code to a binary executable deployed by customers. 

US security vendor Malwarebytes yesterday disclosed it was affected by the same hackers but not via the tainted Orion updates. The hackers instead breached Malwarebytes by exploiting applications with privileged access to Office 365 and Azure infrastructure, giving the attackers “access to a limited subset” of Malwarebytes’ internal emails.

According to Weinert, the attackers exploited gaps in “explicit verification” in each of the main attack vectors. 

“Where user accounts were compromised, known techniques like password spray, phishing, or malware were used to compromise user credentials and gave the attacker critical access to the customer network,” Weinert writes.  

He argues cloud-based identity systems like Azure Active Directory (Azure AD) are more secure than on-premises identity systems because the latter lack cloud-powered protections like Azure AD’s password protection to weed out weak passwords, recent advances in password spray detection, and enhanced AI for account compromise prevention.

In cases where the actor succeeded, Weinert notes that highly privileged vendor accounts lacked additional protections such as multi-factor authentication (MFA), IP range restrictions, device compliance, or access reviews. Microsoft has found that 99.9% of the compromised accounts it tracks every month don’t use MFA.

MFA is an important control as compromised high privilege accounts could be used to forge SAML tokens to access cloud resources. As the NSA noted in its warning after the SolarWinds hack was disclosed: “if the malicious cyber actors are unable to obtain a non-premises signing key, they would attempt to gain sufficient administrative privileges within the cloud tenant to add a malicious certificate trust relationship for forging SAML tokens.”

This attack technique could be thwarted too if there were stricter permissions on user accounts and devices. 

“Even in the worst case of SAML token forgery, excessive user permissions and missing device and network policy restrictions allowed the attacks to progress,” notes Weinert. 

“The first principle of Zero Trust is to verify explicitly—be sure you extend this verification to all access requests, even those from vendors and especially those from on-premises environments.” 

Finally, the Microsoft veteran offers a reminder of why least privileged access is critical to minimizing an attacker’s opportunities for moving laterally once inside a network. This should help to compartmentalize attacks by restricting access to an environment from a user, device, or network that’s been compromised.

With Solorigate — the name Microsoft uses for the SolarWinds malware — the attackers “took advantage of broad role assignments, permissions that exceeded role requirements, and in some cases abandoned accounts and applications which should have had no permissions at all,” Weinert notes. 
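The gaps named above can be checked mechanically. The following is an added example, not code from Microsoft or the original article: a small audit over a constructed account inventory that flags privileged accounts missing MFA, IP range restrictions, device compliance or access reviews, permissions that exceed what is actually used, and abandoned accounts that still hold permissions. The field names, permission names and 90-day thresholds are assumptions for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumed thresholds, not taken from the article.
STALE_SIGN_IN_DAYS = 90
REVIEW_MAX_AGE_DAYS = 90

@dataclass
class Account:
    name: str
    privileged: bool
    mfa: bool
    ip_restricted: bool
    device_compliance: bool
    days_since_review: Optional[int]   # None = never reviewed
    days_since_sign_in: int
    granted: set = field(default_factory=set)
    used: set = field(default_factory=set)   # permissions observed in use

def audit(acct):
    """Return the list of least-privilege / explicit-verification gaps."""
    findings = []
    if acct.privileged:
        controls = (("mfa", acct.mfa),
                    ("ip_range_restriction", acct.ip_restricted),
                    ("device_compliance", acct.device_compliance))
        findings += [f"privileged_without_{c}" for c, ok in controls if not ok]
        if acct.days_since_review is None or acct.days_since_review > REVIEW_MAX_AGE_DAYS:
            findings.append("privileged_without_recent_access_review")
    unused = acct.granted - acct.used
    if acct.days_since_sign_in > STALE_SIGN_IN_DAYS and acct.granted:
        # Abandoned accounts should hold no permissions at all.
        findings.append("abandoned_with_permissions")
    elif unused:
        findings.append("excess_permissions:" + ",".join(sorted(unused)))
    return findings

def audit_inventory(accounts):
    report = {a.name: audit(a) for a in accounts}
    return {name: f for name, f in report.items() if f}

# Constructed sample inventory (hypothetical accounts and permission names).
INVENTORY = [
    Account("vendor-admin", True, False, False, True, None, 3,
            {"manage_directory", "read_mail"}, {"manage_directory"}),
    Account("helpdesk", False, True, True, True, 30, 1, {"read_user"}, {"read_user"}),
    Account("legacy-sync-app", False, False, False, False, None, 400, {"read_mail"}, set()),
]

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY).items():
        print(name, findings)
```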

Weinert admits the SolarWinds hack was a “truly significant and advanced attack”, but the risk from the techniques the attackers used can be significantly reduced or mitigated with these best practices.

Credit: ZDNet
