How Cybercriminals Break into the Microsoft Cloud

Published: 23/11/2024   Category: security




Microsoft and Trimarc researchers explore the most common attacks against the cloud and effective defenses and mitigation.



Even companies that previously said no to cloud are migrating their services and resources to cloud-based infrastructure. As they do, many are concerned about maintaining the cloud's rapid update pace and how the new paradigm exposes them to new types of security threats.
Moving to the cloud is one challenge. Knowing how to secure it afterward is another.
"One of the things I recognize, and certainly see for myself, is keeping up with changes at cloud scale is challenging, to say the least," says Mark Morowczynski, principal program manager at Microsoft. Organizations go from "never cloud," to "maybe cloud," to "cloud is an important business component," and many are trying to figure out how to determine that risk.
"It's a challenge from an administrative and operations perspective," he continues, adding that ultimately the cloud is a huge paradigm shift for people. From Amazon Web Services to Office 365, there are countless applications that reside in the cloud. Identity protection, security settings, and vendor management are all different to track, and all affect organizational risk.
"We found that many organizations are struggling with what to do once they're in the cloud, and how to secure their cloud tenant," says Trimarc CTO Sean Metcalf. "We're seeing a lot of customers are moving to a work-from-anywhere model, and one of the things with that is there's lots of good fundamentals and best practices we want people to be doing correctly."
A common concern among businesses is "I don't know what I don't know," he continues. Many organizations simply don't understand the risks, and they're moving into the cloud unsure of what they're doing. The challenge is compounded for those using Microsoft, Google, and Amazon cloud services, he adds, as security controls are often in different cloud environments.
At this year's Black Hat USA, Morowczynski and Metcalf will discuss threats specific to Microsoft cloud services in their talk, "Attacking and Defending the Microsoft Cloud (Office 365 & Azure AD)." The goal, Metcalf says, is to help people understand how to secure Microsoft cloud environments, common mistakes made, and which configurations could make them vulnerable.
"Our approach is very much focused on mitigating real world attacks," Metcalf adds.
One of the threats the duo plan to discuss is password spraying, which Morowczynski says is one of the most common attacks leveraged against Microsoft users. Historically, people have a predictable pattern in password reset policies: they change every 30 days and often switch their password to whatever month it is; for example, "July2019!"
Attackers recognize this behavior, he continues, so they keep a list of usernames and test the password against each one. If the system uses a legacy protocol that can't support MFA, the attacker will likely succeed. "Good fundamentals really go a long way in protecting against attacks," he notes, recommending companies abandon legacy authentication in favor of MFA.
Of course, this isn't a new issue, Metcalf points out. "The on-prem environment password spray is something that's been pretty prevalent. It's just the fact that where the data is, what attackers want to get to, is located in the cloud."
As attackers pivot to the cloud, it's easier for them because the default configuration leaves these services available to the Internet at large, he explains. Organizations want their users to be productive from anywhere; with that access, an intruder could bounce around from a few different IP addresses to attempt to break into an account.
Metcalf describes a customer who had no MFA configured on any accounts, enabling an attacker to password-spray any environment. Because cloud and on-premise systems had the same passwords, they could break into one account, connect to a VPN, and gain access to a corporate environment. "That's an extension of how bad an attack like that can be," he says.
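The spray pattern described above (many accounts, few attempts each, over legacy protocols, from a handful of addresses) can be detected in sign-in logs. The following is an added example, not from the article or the researchers' talk; the log layout, field names, thresholds and the `detect_spray` function are assumptions made for illustration, and the records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records in a hypothetical layout (not a real Azure AD export):
# time, user, source IP, client protocol, result
SAMPLE_LOG = """\
2019-07-08T09:00:01 alice 203.0.113.10 IMAP fail
2019-07-08T09:00:03 bob 203.0.113.10 IMAP fail
2019-07-08T09:00:05 carol 203.0.113.11 POP3 fail
2019-07-08T09:00:08 dave 203.0.113.11 IMAP fail
2019-07-08T09:00:11 erin 203.0.113.12 SMTP fail
2019-07-08T09:00:14 frank 203.0.113.12 IMAP ok
2019-07-08T09:20:00 grace 198.51.100.7 IMAP fail
2019-07-08T09:20:20 grace 198.51.100.7 IMAP fail
2019-07-08T09:20:45 grace 198.51.100.7 IMAP ok
"""

LEGACY = {"IMAP", "POP3", "SMTP"}  # protocols assumed here to bypass MFA

def parse(log):
    for line in log.splitlines():
        ts, user, ip, client, result = line.split()
        yield datetime.fromisoformat(ts), user, ip, client, result

def detect_spray(log, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Flag windows where many accounts each see only a few legacy-auth attempts."""
    events = sorted(e for e in parse(log) if e[3] in LEGACY)  # time-ordered
    findings, i = [], 0
    while i < len(events):
        batch = [e for e in events[i:] if e[0] - events[i][0] <= window]
        per_user = defaultdict(int)
        for _, user, _, _, _ in batch:
            per_user[user] += 1
        # Spray signature: wide (many users) and shallow (few tries per user).
        # Grouping ignores source IP because the attacker may rotate addresses.
        if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
            findings.append({
                "start": batch[0][0],
                "users": sorted(per_user),
                "ips": sorted({e[2] for e in batch}),
                # A success inside the burst is an account to reset and review first.
                "compromised": sorted({e[1] for e in batch if e[4] == "ok"}),
            })
        i += len(batch)
    return findings

if __name__ == "__main__":
    for finding in detect_spray(SAMPLE_LOG):
        print(finding)
```

The later burst against `grace` is not flagged: repeated attempts on one account look like a mistyped password or brute force, not a spray.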
The two hope attendees take away a better understanding of security risks inherent to cloud services, how attackers exploit misconfigurations, and where they might be vulnerable. While their content is focused on Microsoft, some attack and defense topics apply to other providers.