
Microsoft: "Zero trust" protects against sophisticated hacking attacks

According to Microsoft, the techniques used by the SolarWinds attackers were sophisticated but also common and preventable. To avoid future attacks of similar complexity, Microsoft advises organizations to adopt a "zero trust" approach.


In essence, this means organizations must assume that every part of their environment is at risk at all times and must explicitly verify the security of user accounts, endpoints, the network and every other resource before granting access.

As Alex Weinert, director of identity security at Microsoft, notes, the three main attack vectors were compromised user accounts, compromised vendor accounts, and compromised vendor software.

Thousands of companies were affected by the SolarWinds breach, which was disclosed in mid-December. The hacking group known as UNC2452 / Dark Halo targeted the build environment of SolarWinds' Orion software.

According to Weinert, the attackers took advantage of gaps in the "explicit verification" of each of these three vectors.

"Where user accounts were compromised, known techniques such as password spray, phishing or malware were used to compromise user credentials, giving the attacker access to the customer network," writes Weinert.

Weinert argues that cloud-based identity systems such as Azure Active Directory (Azure AD) are more secure than on-premises identity systems, because the latter lack cloud-backed protections such as risk-based sign-in analysis.

Where the attackers succeeded, Weinert notes, privileged vendor accounts lacked additional protections such as multi-factor authentication (MFA), IP range restrictions, device compliance checks, or access reviews. Microsoft found that 99.9% of the breached accounts it monitors each month do not use MFA.
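To make the "verify explicitly" principle concrete, here is a small access gate that composes the controls Weinert lists (MFA, IP range restrictions, device compliance) into a single deny-by-default decision for privileged and vendor accounts. This is an added illustration written for this article, not Microsoft's or Azure AD's own policy engine; the policy thresholds, IP ranges and sign-in records are constructed sample data and the scoping rule (MFA for everyone, device compliance and IP ranges only for privileged accounts) is an assumption of the example.

```python
"""Added example: a minimal 'verify explicitly' gate for sign-ins.

Illustrative code written for this article, not Azure AD's policy engine.
MFA is required for every account; privileged or vendor accounts must also
sign in from a compliant device and from an allowed IP range. All failed
controls are reported, so an operator sees every gap, not just the first.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class SignIn:
    user: str
    privileged: bool        # admin role or vendor/partner account
    mfa_satisfied: bool     # a strong second factor completed this session
    device_compliant: bool  # endpoint passed the compliance check
    source_ip: str


@dataclass
class Policy:
    # Constructed corporate and VPN ranges (RFC 1918 / TEST-NET); assumption for the example.
    allowed_ranges: list[str] = field(default_factory=list)
    require_mfa: bool = True
    require_compliant_device: bool = True

    def evaluate(self, s: SignIn) -> tuple[bool, list[str]]:
        """Return (allowed, failed_controls). Access is granted only if no control fails."""
        failures: list[str] = []
        if self.require_mfa and not s.mfa_satisfied:
            failures.append("mfa")
        if s.privileged:
            if self.require_compliant_device and not s.device_compliant:
                failures.append("device_compliance")
            ip = ipaddress.ip_address(s.source_ip)
            if not any(ip in ipaddress.ip_network(r) for r in self.allowed_ranges):
                failures.append("ip_range")
        return (not failures), failures


POLICY = Policy(allowed_ranges=["10.0.0.0/8", "203.0.113.0/24"])

# Constructed sign-in records; the vendor account models a sprayed password
# reused from an unmanaged host outside the allowed ranges.
SAMPLE_SIGNINS = [
    SignIn("alice.admin", True, True, True, "10.1.2.3"),
    SignIn("vendor.svc", True, False, False, "198.51.100.7"),
    SignIn("bob.admin", True, True, False, "203.0.113.9"),
    SignIn("carol", False, False, False, "198.51.100.7"),
]


def audit(policy: Policy, signins: list[SignIn]) -> dict[str, tuple[bool, list[str]]]:
    """Evaluate every sign-in and map user -> (allowed, failed controls)."""
    return {s.user: policy.evaluate(s) for s in signins}


if __name__ == "__main__":
    for user, (ok, why) in audit(POLICY, SAMPLE_SIGNINS).items():
        print(f"{user:12} {'ALLOW' if ok else 'DENY':5} {','.join(why)}")
```

Running it shows the vendor account denied on all three controls at once and the non-privileged user denied for missing MFA alone; a policy that checked only one of these, or that exempted vendor accounts, would have admitted the sign-in the article describes.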

This attack technique could also have been prevented by stricter permissions on user accounts and devices, so that a single compromised account could not reach privileged resources.

"The first principle of Zero Trust is to verify explicitly: make sure you have extended verification to all access requests, even those from vendors and especially those from on-premises installations."

Weinert acknowledges that the SolarWinds intrusion was a "truly significant and advanced attack", but the techniques used could have been mitigated with these best practices.

Absent Mia