Intelligent Tech Channels Issue 74 | Page 38

Learning from the failures of Big Five Tech players

Microsoft's own investigation concluded that the attack was not tied to a vulnerability but rather to the absence of multifactor authentication in legacy systems. So, practices make perfect, as in best practices, says Morey Haber at BeyondTrust.
Morey Haber, Chief Security Officer, BeyondTrust

The echo of the New Year gong had barely faded when security leaders in the GCC, and around the world, were reading about Microsoft's tangle with Midnight Blizzard. Alternatively known as Nobelium, APT29, UNC2452 and the somewhat cuddly Cozy Bear, the Russian state-sponsored group, a social-engineering specialist according to Microsoft, was reportedly behind the 2021 SolarWinds infiltration.

In January, this decidedly non-cuddly Bear compromised the tech giant with a simple password-spray attack that began in November. From the hijack of a test tenant account, Midnight Blizzard moved laterally to take over several other corporate accounts, including those of top executives and even those of cybersecurity leaders.
So, let the lesson-learning begin. First, the classics still work. Password-spray attacks have been around forever. They differ from a brute-force attack in that they hit a large number of accounts with the most common passwords (12345678, Passw0rd, and so on) rather than focusing on a single account by trying every possible password.
The method also tries one chosen password at a time against each account on the attacker's hit list, which is stealthier because it avoids triggering lockouts. Second, the threat gang may have made off with some undisclosed data, indicating once more that even the largest enterprises are at risk.
Third, Microsoft's own investigation concluded that the attack was not tied to a vulnerability but rather to the absence of multifactor authentication (MFA) in legacy systems. So, practices make perfect, as in best practices. Let's look at some now to ensure the region's enterprises do not fall prey to a Microsoft-style drama.
Password management
It is crucial to understand that the absence of robust passwords, multifactor authentication and other standards is, by definition, the absence of strong management principles. If we want to talk in terms of blast radius, we minimise damage by minimising the number of accounts that are not following the right protocols.
Strong passwords are the enemy of spray attacks, so good password management is the enemy of spray attacks. Such attacks succeed more commonly when targeting cloud-native applications because these are seldom monitored for failed logon attempts and also tend not to use modern practices such as MFA.
Password management is as straightforward as it sounds. It provides a digital means of looking over each user's shoulder to ensure they change their passwords regularly, use sufficiently complex ones when they do so, and do not duplicate them across resources. Enterprise password management solutions are available for such purposes and are well worth the investment, especially if one considers that Microsoft is not the only cautionary tale illustrating the potential consequences of inaction.
These platforms are hygiene enforcers and best-practice disciplinarians for human and machine accounts alike. Apart from password oversight, they are capable of managing privileged sessions in real time to flag potential threats and, if necessary, pause or terminate a session to protect the environment.
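The article describes the signature of a spray (one source, one password, many accounts, few attempts each, so no lockout fires) and points out that cloud-native applications are seldom monitored for failed logons. The following added example, which is not from the article or any BeyondTrust product, shows the detection logic a security team could run over sign-in events to tell a spray from a brute-force attempt and to list which accounts a spraying source later signed into successfully. The log format, the IP addresses (documentation ranges) and the thresholds are constructed for the demonstration.

```python
"""Distinguish password-spray from brute-force patterns in sign-in events.

Added illustrative example, not code from the article or any vendor.
The event line format, sample data and thresholds are assumptions.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log (documentation IP ranges, fictitious users).
# 192.0.2.10   - a normal user who mistypes once, then signs in.
# 203.0.113.5  - spray: one failure each against five accounts, then a
#                successful sign-in to a test tenant account.
# 198.51.100.7 - brute force: repeated failures against a single account.
SAMPLE_LOG = """\
2024-11-02T03:00:00Z user=alice src=192.0.2.10 result=FAIL
2024-11-02T03:00:20Z user=alice src=192.0.2.10 result=SUCCESS
2024-11-02T03:10:00Z user=bob src=203.0.113.5 result=FAIL
2024-11-02T03:10:30Z user=carol src=203.0.113.5 result=FAIL
2024-11-02T03:11:00Z user=dave src=203.0.113.5 result=FAIL
2024-11-02T03:11:30Z user=erin src=203.0.113.5 result=FAIL
2024-11-02T03:12:00Z user=frank src=203.0.113.5 result=FAIL
2024-11-02T03:12:30Z user=test-tenant src=203.0.113.5 result=SUCCESS
"""
# Twelve failures against one account from one source, four seconds apart.
SAMPLE_LOG += "".join(
    f"2024-11-02T04:00:{i * 4:02d}Z user=grace src=198.51.100.7 result=FAIL\n"
    for i in range(12)
)


def parse_event(line):
    """Parse one 'timestamp key=value ...' line into a dict (assumed format)."""
    ts_str, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {
        "ts": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ"),
        "user": fields["user"],
        "src": fields["src"],
        "result": fields["result"],
    }


def load_events(log_text=SAMPLE_LOG):
    return [parse_event(ln) for ln in log_text.splitlines() if ln.strip()]


def classify_sources(events, window=timedelta(minutes=15), min_accounts=5,
                     max_per_account=2, lockout_threshold=5):
    """Label each source IP that produced failures.

    'password_spray': within one window the source failed against at least
        min_accounts distinct accounts while staying at or below
        max_per_account failures on any one of them (under a lockout limit).
    'brute_force': the source reached lockout_threshold failures on a single
        account within the window.
    None: neither pattern seen (ordinary user mistakes).
    """
    failures_by_src = defaultdict(list)
    for e in events:
        if e["result"] == "FAIL":
            failures_by_src[e["src"]].append(e)

    verdicts = {}
    for src, fails in failures_by_src.items():
        fails.sort(key=lambda e: e["ts"])
        label = None
        for i, start in enumerate(fails):
            in_window = [e for e in fails[i:] if e["ts"] - start["ts"] <= window]
            per_account = Counter(e["user"] for e in in_window)
            busiest = max(per_account.values())
            if len(per_account) >= min_accounts and busiest <= max_per_account:
                label = "password_spray"
                break
            if busiest >= lockout_threshold:
                label = "brute_force"
                break
        verdicts[src] = label
    return verdicts


def compromised_after_spray(events, verdicts):
    """(src, user) pairs where a spraying source later signed in successfully."""
    hits = {
        (e["src"], e["user"])
        for e in events
        if e["result"] == "SUCCESS" and verdicts.get(e["src"]) == "password_spray"
    }
    return sorted(hits)


if __name__ == "__main__":
    evs = load_events()
    labels = classify_sources(evs)
    for src, label in labels.items():
        print(f"{src:14} {label}")
    print("accounts to review:", compromised_after_spray(evs, labels))
```

The per-account ceiling is what makes the spray visible: a lockout policy never fires because no single account crosses it, so the detection has to pivot on the source and count distinct accounts instead. In practice the same logic would be keyed on sign-in logs from the identity provider, with the window and thresholds tuned to the tenant's lockout policy.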
Multifactor authentication
Password-spray attacks can sometimes be defused by password hygiene alone. But to really frustrate the threat actor, security teams should implement MFA. While this is important for all users, it becomes all the more critical for privileged accounts. While no cybersecurity measure is foolproof and
38 www.intelligenttechchannels.com