TechNewsPro

  • Sahriar Shuvo - Tech Journalist

Three new security compromises: Microsoft says it's the same group behind the SolarWinds hack

Cyber-attacks are much more common than we think. Just last week, Microsoft reported a breach that came through a customer-service executive. The attackers took the information they obtained and used it to launch further hacking attempts. A company like Microsoft is not to be tampered with, but Friday was different and a breach took place.



Microsoft reported that the breach was discovered during an identification session of its security policy, and traced it back to the SolarWinds hack.


Nobelium may be the name of this particular hacker group that Microsoft reported. Nobelium used password spray and brute-force techniques to gain ground. The group was investigated before and around this attack, Microsoft continued.


However, Microsoft is not backing away or hiding the discovery; instead, it published an article to give users sufficient information about what happened. As far as the information goes, three new entities were compromised, and the attack was an unsuccessful one. Though targets were not successfully compromised, customers were informed. Microsoft's nation-state notification process was used to contact the would-be victims about the issue and its patching status.


Microsoft recommended that everyone take “security precautions such as enabling multi-factor authentication.” Specific customers were targeted in the attack, especially IT companies: 57 per cent, to be exact. Another 20 per cent were in government, and a smaller number were in the non-governmental sector. As 45 per cent in the US and 10 per cent in the UK could have fallen victim, we assume the attack focused on US interests.


As the recent attack covered 36 countries and financial entities, there is no way it will be ignored, and it will be investigated further. In these post-pandemic times, many security essentials are working remotely and most security is focused online. But the breach took place after the SolarWinds incident, even though most companies had strengthened their online presence.


The Response

Microsoft is running an additional investigation. The first detection came when it discovered information-stealing malware. The malware logged information from a customer-support agent's machine that held data on some customers, and this information can be used to impersonate real people in larger breaches.


Support agent devices fall under the Zero Trust principle of “least privileged access.” They therefore do not carry high-level access, and as a result the company suffered minimal loss. Those accounts have been secured so that they cannot be used anywhere else.


Zero Trust and multi-factor authentication are very important, so Microsoft is urging everyone to deploy them and stay protected.


However, Zero Trust has a dedicated set of modules in the business plan. It specifically verifies biometrics and physical device endpoints. If a device enters a risky state, multi-factor authentication kicks in. This is where the organisation's security policy enforcement proves its worth.


As the network module contains threat protection, adaptive access and classified encryption levels, the customer end is strongly protected, whether that is data, apps or even the infrastructure as a whole. The program also grants access to safe devices before authentication, and this happens continuously and comprehensively. Microsoft’s Administrator Accounts Security Planning Guide was first published in 1999 and stated: “domain-level administrator rights must not have elevated rights in another forest.”


Microsoft is not involved with SolarWinds or its customers, a SolarWinds spokesman declared. But breaching one service agent may trigger the leak of sensitive credentials. Nonetheless, among other data, the agent did grab billing information and details of customers' service usage. Microsoft said, “The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign.”


To keep everyone calm and reveal the matter publicly without causing any panic, Microsoft discussed the incident in the fourth part of the whole report at the time of disclosure. The Nobelium compromise wasn’t a single type of attack. According to Malwarebytes, a different vector was brought to light, but what it actually was remained a secret. Many independent researchers were also shocked by the incident, as Microsoft remains responsible for the sensitive data of many customers around the globe.
