• Latest
  • Trending
  • All
  • News
  • Business
  • Politics
  • Science
  • World
  • Lifestyle
  • Tech
Hackers Cryptojack Microsoft Azure ML Clusters

Mitigating Cloud Supply-chain Risk: Office 365 and Azure Exploited in Massive U.S Government Hack

December 25, 2020
How to use Microsoft Sysmon, Azure Sentinel to log security events

Microsoft Cloud Announces Three New Vertical Cloud Solutions

February 26, 2021
Innovative solutions for IT workers at home

Privacera Announces Partnership with Talend for Rapid Cloud Data Integration and Governance with Automated Privacy and Compliance

February 26, 2021
Innovative solutions for IT workers at home

What is database encryption?

February 26, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Releases Azure Firewall Premium in Public Preview

February 26, 2021
Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

Veeam Backup & Replication 11: Enhanced data management for a multi-cloud environment

February 25, 2021
8×8 makes raft of updates to platform

Advancing the Orchestration of Distributed Edge Applications, ZEDEDA Integrates with Microsoft Azure IoT

February 25, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Cloud Security in Banking Market to Witness Huge Growth by 2026 | Microsoft Azure, Trend Micro, Salesforce

February 25, 2021
Innovative solutions for IT workers at home

ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

February 24, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

February 24, 2021
Innovative solutions for IT workers at home

SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

February 23, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

February 23, 2021
How to use Microsoft Sysmon, Azure Sentinel to log security events

OPS101 – Securing your Hybrid environment – Part 1 – Azure Security Center

February 22, 2021
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Saturday, February 27, 2021
  • Login
Azure Security News
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
    • Home – Layout 4
    • Home – Layout 5
  • News
    • All
    • Business
    • Politics
    • Science
    • World
    How to use Microsoft Sysmon, Azure Sentinel to log security events

    Microsoft Cloud Announces Three New Vertical Cloud Solutions

    Innovative solutions for IT workers at home

    Privacera Announces Partnership with Talend for Rapid Cloud Data Integration and Governance with Automated Privacy and Compliance

    Innovative solutions for IT workers at home

    What is database encryption?

    A moment of reckoning: the need for a strong and global cybersecurity response

    Cloud Security in Banking Market to Witness Huge Growth by 2026 | Microsoft Azure, Trend Micro, Salesforce

    Innovative solutions for IT workers at home

    ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

    A moment of reckoning: the need for a strong and global cybersecurity response

    ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

    Innovative solutions for IT workers at home

    SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

    8×8 makes raft of updates to platform

    Indonesian Mobile Operator Selects NTT for Microsoft Security Project

    Microsoft To Build New Azure Cloud Data Centers In Greece

    NTT completes Microsoft security project for Indonesian mobile operator

    Trending Tags

    • Donald Trump
    • Future of News
    • Climate Change
    • Market Stories
    • Election Results
    • Flat Earth
  • Tech
    • All
    • Apps
    • Gear
    • Mobile
    • Startup
    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Releases Azure Firewall Premium in Public Preview

    Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

    Veeam Backup & Replication 11: Enhanced data management for a multi-cloud environment

    8×8 makes raft of updates to platform

    Advancing the Orchestration of Distributed Edge Applications, ZEDEDA Integrates with Microsoft Azure IoT

    How to use Microsoft Sysmon, Azure Sentinel to log security events

    OPS101 – Securing your Hybrid environment – Part 1 – Azure Security Center

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Ending Azure Information Protection Connections to Microsoft Defender for Endpoint

    Microsoft To Open Azure Cloud Data Center Region In Spain

    EMC Corporation Townsend security Hewlett-Packard Enterprise Gemalto N.V. Microsoft Azure Google Thales e-security International Business Machines (IBM) Broadcom

    A moment of reckoning: the need for a strong and global cybersecurity response

    Azure Engineer at VillageMD

    Innovative solutions for IT workers at home

    How to Sync On-Premise Active Directory Passwords with Office 365 and Google Apps in Real-Time

    Microsoft Azure Forms Collaboration to Enhance AI in Healthcare

    Azure Defender is now available for all IoT and OT devices

    Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

    Google and Microsoft ID Group Targeting Security Researchers

    Trending Tags

    • Flat Earth
    • Sillicon Valley
    • Mr. Robot
    • MotoGP 2017
    • Golden Globes
    • Future of News
  • Entertainment
    • All
    • Gaming
    • Movie
    • Music
    • Sports
    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Meet the woman who’s making consumer boycotts great again

    New campaign wants you to raise funds for abuse victims by ditching the razor

    Twitter tweaks video again, adding view counts for some users

    A beginner’s guide to the legendary Tim Tam biscuit, now available in America

    People are handing out badges at Tube stations to tackle loneliness

    Trump’s H-1B Visa Bill spooks India’s IT companies

    Magical fish basically has the power to conjure its own Patronus

    This Filipino guy channels his inner Miss Universe by strutting in six-inch heels and speedos

    Oil spill off India’s southern coast leaves fisherman stranded, marine life impacted

  • Lifestyle
    • All
    • Fashion
    • Food
    • Health
    • Travel
    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Offers More ‘Solorigate’ Advice Using Microsoft 365 Defender Tools

    A moment of reckoning: the need for a strong and global cybersecurity response

    Solar Winds, Office 365 & Shipbuilding…

    Aruba ClearPass Policy Manager Integrates with Microsoft

    Imprivata Expands Collaboration with Microsoft on New Digital Identity Innovations

    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Canada’s 10 biggest stories of 2020

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    AMD breaks revenue records for 2019 and 4Q

    AMD breaks revenue records for 2019 and 4Q

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft is killing off insecure Cloud App Security cipher suites

    Microsoft is killing off insecure Cloud App Security cipher suites

    Rap group call out publication for using their image in place of ‘gang’

    Meet the woman who’s making consumer boycotts great again

    Trending Tags

    • Golden Globes
    • Mr. Robot
    • MotoGP 2017
    • Climate Change
    • Flat Earth
No Result
View All Result
Azure Security News
No Result
View All Result
Home News

Mitigating Cloud Supply-chain Risk: Office 365 and Azure Exploited in Massive U.S Government Hack

by AZURE SECURITY NEWS EDITOR
December 25, 2020
in News
0
Hackers Cryptojack Microsoft Azure ML Clusters
492
SHARES
1.4k
VIEWS
Share on FacebookShare on Twitter

The central issue behind the latest headline-grabbing security breach – an incident that directly impacted several major US government agencies – highlights pervasive issues related to many organizations’ use of the popular Office 365 and Azure Microsoft cloud platforms.

According to numerous reports, nation-state backed hacking campaigns targeting vendor SolarWinds and its customers at the Commerce Department’s National Telecommunications and Information Administration (NTIA), among others, took advantage of cloud security gaps that may exist for many organizations – highlighting the need for additional controls designed to detect and thwart such threats as they transpire.

While Microsoft and SolarWinds are working to remediate the underlying issues related to the attacks on Office 365, Azure Active Directory and a key domain name, the scenario throws greater light on the requirement for dedicated capabilities aimed at pinpointing such a compromise – threats that can play out when existing cloud applications and platform defenses are circumvented and underlying vulnerabilities have been exploited.

Despite the fact that Microsoft has spent significant effort incorporating powerful security capabilities into its cloud-based tools, such attacks that involve elite hackers using advanced techniques to bypass existing protections clearly remain a major threat.

This is just one of the many reasons that so many practitioners have turned to CipherCloud solutions to increase their visibility into and control over Office 365 – in particular to help address their advanced data protection requirements and use of multiple cloud applications.

Here’s what we know about the attack:

According to SolarWinds filings with the SEC, the involved attackers were able to compromise the company’s Microsoft Office 365 emails with forged SAML tokens. The hackers were also able to compromise SolarWinds’ Azure Active Directory along with privileged accounts in the organization as detailed below:

  1. SolarWinds’ Orion systems were connected to the US Government’s Office 365 cloud (and thousands of other customers) as 3rd-party apps and trusted entities. When Orion was hacked and compromised, the involved intruders were then able to take advantage of this trusted connection to infiltrate Office 365 and gain access to confidential information.
  2. An on-premise compromise enabled intruders to gain access to the organization’s trusted SAML token-signing certificate through an administrative permission they had acquired. This allowed the intruders to forge SAML tokens to impersonate roles of any user in the organization, essentially giving them the keys to the castle.
  3. It only follows that anomalous logins were then easily overlooked when such authentication attempts were made using the compromised token-signing certificate to generate the needed SAML tokens. This provided the ability to access to many on-premise resources as well as cloud services like Azure Active Directory, and others.
  4. With such access, the attackers were then able to gain high privileged accounts in the organization, and may then have added their own credentials to existing application principals, thus making them appear as legitimate users and providing the opportunity to begin using APIs on top of the application to steal data.

And this is how the hackers involved were also able to reportedly gain access to over 18,000 of SolarWinds’s public and private customers through trojanized updates to SolarWinds’ Orion network monitoring software, as detailed by FireEye.

This scenario further reinstates the point that cloud service providers’ native controls are often insufficient for countering sophisticated cyberattacks, especially as today’s organizations adopt dozens, if not hundreds of individual cloud and SaaS applications and must attempt to manage security and compliance across all of them.

How can employing a leading-edge cloud security solution from CipherCloud help?

Beyond providing customers with a centralized platform through which to monitor and enforce advanced cloud and data security policies across all of their applications, solutions such as CipherCloud CASB+ can specifically:

  1. Monitor and control 3rd-party apps connected to your cloud applications such as Office 365: If any of your 3rd-party vendors (such as SolarWinds Orion in this case) are hacked and compromised, there’s a better chance that you’ll observe attackers attempting to take advantage of the trusted connection into your cloud applications/Office 365 to steal your confidential information.
  2. Log security events and report the types of incidents that were involved in the Office 365 compromise: Thereby enabling practitioners to catch the types of activities involved in this campaign earlier in the attack’s proliferation and during the attackers’ attempted escalation.
  3. Detect unusual user activity and anomalous user behavior using UEBA: By pinpointing and alerting on those activities that are clearly out of line for privileged users, thereby highlighting those actions as they are being carried out. This may even incorporate geolocational data when it is available and relevant.
  4. Ensure your sensitive data is protected in the cloud and wherever it travels, via E-DRM: In applying advanced rights management and encryption to prevent any usable version of your sensitive information from landing in attackers hands.
  5. Assess and monitor risk in Office 365’s configuration and vulnerabilities using Cloud Security Posture Management: With many other attacks taking advantage of cloud configuration errors, this is another key capability that can utilize automation to help prevent potential compromise of unseen exposures, made even more powerful by direct integration with other CASB capabilities.

Again, it is always important to point out that it’s extremely difficult to get everything right all the time and we’re not criticizing SolarWinds, and certainly not Microsoft. The main issue is configured supply-chain trust that you must also verify continuously.

What’s critical to understand is that – as your organization continues to adopt cloud applications and infrastructure at a furious pace to accelerate and optimize business, you have to similarly adopt advanced controls to improve your security posture and decrease your overall cloud and data security risk – and CipherCloud CASB+ is a great place to start.

For more information on CipherCloud CASB+ Microsoft Office 365 capabilities, click here.

The post Mitigating Cloud Supply-chain Risk: Office 365 and Azure Exploited in Massive U.S Government Hack appeared first on CipherCloud.

Reference: https://securityboulevard.com/2020/12/mitigating-cloud-supply-chain-risk-office-365-and-azure-exploited-in-massive-u-s-government-hack/

Share197Tweet123Share49
AZURE SECURITY NEWS EDITOR

AZURE SECURITY NEWS EDITOR

Related Posts

How to use Microsoft Sysmon, Azure Sentinel to log security events

Microsoft Cloud Announces Three New Vertical Cloud Solutions

by AZURE SECURITY NEWS EDITOR
February 26, 2021
0

Microsoft is boosting its industry-cloud solutions with the announcement of three new programs. To help get these new Azure offerings...

Innovative solutions for IT workers at home

Privacera Announces Partnership with Talend for Rapid Cloud Data Integration and Governance with Automated Privacy and Compliance

by AZURE SECURITY NEWS EDITOR
February 26, 2021
0

 Privacera, the cloud data governance and security leader founded by the creators of Apache Ranger™, today announced a technology partnership...

Innovative solutions for IT workers at home

What is database encryption?

by AZURE SECURITY NEWS EDITOR
February 26, 2021
0

Database encryption protects sensitive information by scrambling the data when it’s stored, or, as it has become popular to say,...

A moment of reckoning: the need for a strong and global cybersecurity response

Cloud Security in Banking Market to Witness Huge Growth by 2026 | Microsoft Azure, Trend Micro, Salesforce

by AZURE SECURITY NEWS EDITOR
February 25, 2021
0

Latest launched research document on Global Cloud Security in Banking Market study of 111 Pages provides detailed analysis with presentable...

  • Trending
  • Comments
  • Latest
Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

AZURE DEFAULT RESOURCE GROUP AND DEFAULT WORKSPACE: WHAT ARE THEY?

December 14, 2020
Microsoft Seriously Beefs Up Security in Windows Server 2019

TCS Launches Cloud Exponence on Microsoft Azure

January 21, 2021
Microsoft Launches Host of Security Products in Time for RSA

Microsoft to add two new Microsoft 365 security, compliance bundles to its line-up

November 26, 2020

Lady Gaga Pulled Off One of the Best Halftime Shows Ever

0

Barack Obama’s Now Mainly Focusing on Wearing This Casual Backwards Hat

0

Watch Justin Timberlake’s ‘Cry Me a River’ Come to Life in Mesmerizing Dance

0
How to use Microsoft Sysmon, Azure Sentinel to log security events

Microsoft Cloud Announces Three New Vertical Cloud Solutions

February 26, 2021
Innovative solutions for IT workers at home

Privacera Announces Partnership with Talend for Rapid Cloud Data Integration and Governance with Automated Privacy and Compliance

February 26, 2021
Innovative solutions for IT workers at home

What is database encryption?

February 26, 2021
Azure Security News

Copyright © 2020 - Azure Security

Navigate Site

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Follow Us

No Result
View All Result
  • Home
  • News
    • Politics
    • Business
    • World
    • Science
  • Entertainment
    • Gaming
    • Music
    • Movie
    • Sports
  • Tech
    • Apps
    • Gear
    • Mobile
    • Startup
  • Lifestyle
    • Food
    • Fashion
    • Health
    • Travel

Copyright © 2020 - Azure Security

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In