Tag Archive for: explains
Microsoft finally explains cause of Azure breach: An engineer’s account was hacked
/in Internet Security
Microsoft said the corporate account of one of its engineers was hacked by a highly skilled threat actor that acquired a signing key used to hack dozens of Azure and Exchange accounts belonging to high-profile users.
The disclosure solves two mysteries at the center of a disclosure Microsoft made in July. The company said that hackers tracked as Storm-0558 had been inside its corporate network for more than a month and had gained access to Azure and Exchange accounts, several of which were later identified as belonging to the US Departments of State and Commerce. Storm-0558 pulled off the feat by obtaining an expired Microsoft account consumer signing key and using it to forge tokens for Microsoft’s supposedly fortified Azure AD cloud service.
The disclosure left two of the most important questions unanswered. Specifically, how was a credential as sensitive as the consumer signing key stolen from Microsoft’s network, and how could it sign tokens for Azure, which is built on an entirely different infrastructure?
On Wednesday, Microsoft finally solved the riddles. The corporate account of one of its engineers had been hacked. Storm-0558 then used the access to steal the key. Such keys, Microsoft said, are entrusted only to employees who have undergone a background check and then only when they are using dedicated workstations protected by multi-factor authentication using hardware token devices. To safeguard this dedicated environment, email, conferencing, web research, and other collaboration tools aren’t allowed because they provide the most common vectors for successful malware and phishing attacks. Further, this environment is segregated from the rest of Microsoft’s network, where workers have access to email and other types of tools.
Those safeguards broke down in April 2021, more than two years before Storm-0558 gained access to Microsoft’s network. When a workstation in the dedicated production environment crashed, Windows performed a standard “crash dump,” in which all data stored in memory is written to disk so engineers can later diagnose the cause. The crash dump was later moved into Microsoft’s…
Computer security expert explains Augusta's problems after cyberattack
/in Computer Security
John Shier, field chief technology officer for Sophos, gives us more insight on Augusta’s cyberattack than just about anyone else has.
Jamf VP explains enterprise security threats — and how to mitigate them
/in Computer Security
Apple-focused device management and security vendor Jamf today published its Security 360: Annual Trends report, which reveals the five security trends impacting organizations running hybrid work environments. As it is every year, the report is interesting, so I spoke to Michael Covington, vice president of portfolio strategy, for more details about what the company found this year.
First, here’s a brief rundown of some of the salient points in the report:
- In 2022, 21% of employees were using devices that were misconfigured, exposing the device and the employee to risk.
- 31% of organizations had at least one user fall victim to a phishing attack.
- 7% of Android devices accessed third-party app stores, which often provide versions of legitimate apps that have been tampered with to include malicious code that infects user devices, compared to 0.002% of iOS devices.
- New malware infections dropped from just over 150 million to about 100 million, with malicious network traffic continuing to be more prevalent.
The report confirms that some of the most well-known bad security habits continue. For example, 16% of users are regularly exposing confidential or sensitive data by sharing it via unsecured Wi-Fi hotspots.
Security 360 also gives a good set of insights into how important privacy is to overall enterprise security.
The report points to a range of ways in which privacy, once broken, creates security instability, including nation states that subvert device security to watch, photograph, and record what people do in order to blackmail or otherwise exploit victims.
Another threat is poor data lifecycle management, when companies that do gather private information don’t protect that data well enough. The company continues to invest in approaches to challenge all of these. There’s a host of additional information available in the report, which you can explore here.
An interview with Michael Covington
Covington has extensive experience in tech. A published computer science researcher and IT pro, he has held leadership roles at Intel, Cisco Security, and Juniper Networks.
At Jamf, he oversees the…