
Preventing Password Spraying in 4 Steps


In recent news, Microsoft has revealed that its systems were targeted by the infamous threat actor Midnight Blizzard (also known as Nobelium). The attackers gained access to email accounts through a test tenant. It was also reported that email accounts at HPE were compromised by nation-state actors with ties to Russia. Both incidents appear to have been password-spraying attacks on legacy email accounts, in which attackers try a small set of popular or likely passwords against many accounts.

Microsoft released an analysis of the incidents in late January 2024 in the form of a blog post. The company admitted that the hacked test account did not have multifactor authentication enabled. It has since been revealed that the criminal hackers are attempting to profit from the information they were able to steal during the initial attack.

According to Microsoft’s update to the original blog post, Midnight Blizzard has used the stolen information to attempt unauthorized access to internal systems and source code repositories. Midnight Blizzard significantly increased its attack volume in February compared with what was observed in January 2024.

To protect yourself and your company from similar attacks, here are some tips:

### 1. Enable MFA
Learn from the attack on Microsoft and activate multifactor authentication (MFA) for everything. MFA is essential for cloud services, as a password alone is not sufficient. If your user base is hesitant about MFA, there are ways to make it more appealing. Consider configuring MFA so that the additional authentication step is not mandatory at trusted locations. Depending on your organization’s risk tolerance, setting up static IP addresses for high-value targets can help identify and secure high-level access.

### 2. Check Location
Criminal hackers do not always use obviously malicious IP addresses. Determining the exact location from which a user logs in can be difficult, especially when access is via a mobile device. Additional infrastructure that routes access through a protected and visible tunnel may be necessary.
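
Because the source address alone says little, the shape of the failed sign-ins is worth checking as well. The following is an added example, not part of the original article: it flags sources whose failures touch many accounts with only a few attempts each, run over constructed log records. The record layout, thresholds and the `detect_spray` name are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records: (timestamp, source_ip, account, success).
# Addresses come from documentation ranges; none of this is real data.
ACCOUNTS = ["alice", "bob", "carol", "dave", "erin", "frank"]
SAMPLE_LOG = (
    # One source, one failed guess per account, two minutes apart: spray pattern.
    [(f"2024-01-10T08:{2 * i:02d}:00", "203.0.113.7", a, False)
     for i, a in enumerate(ACCOUNTS)]
    # One source hammering a single account: brute force, not spraying.
    + [(f"2024-01-10T09:00:{i:02d}", "198.51.100.20", "alice", False)
       for i in range(8)]
    # An ordinary user mistyping once, then signing in.
    + [("2024-01-10T09:30:00", "192.0.2.15", "bob", False),
       ("2024-01-10T09:30:20", "192.0.2.15", "bob", True)]
)


def detect_spray(events, window=timedelta(minutes=30),
                 min_accounts=5, max_per_account=3):
    """Return {source_ip: [accounts]} for sources whose failed sign-ins within
    `window` touch >= min_accounts accounts, each <= max_per_account times."""
    failures = defaultdict(list)
    for ts, ip, account, ok in events:
        if not ok:
            failures[ip].append((datetime.fromisoformat(ts), account))

    flagged = defaultdict(set)
    for ip, items in failures.items():
        items.sort()
        start, counts = 0, defaultdict(int)
        for ts, account in items:
            counts[account] += 1
            # Slide the window: drop failures older than `window`.
            while ts - items[start][0] > window:
                old = items[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                flagged[ip].update(counts)
    return {ip: sorted(accts) for ip, accts in flagged.items()}


if __name__ == "__main__":
    for ip, accounts in detect_spray(SAMPLE_LOG).items():
        print(f"possible password spray from {ip}: {len(accounts)} accounts")
```

The window and thresholds need tuning against your own sign-in baseline. Per-account lockout alone does not surface this pattern, because each account sees only a few failures.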

### 3. Configure Permissions
Allowing all users to register apps and share corporate data is not a recommended strategy. Configure your tenant so that a Cloud App Administrator must explicitly grant users permission to add an OAuth-based third-party application to the tenant. This is especially crucial for companies handling sensitive data of any kind.

### 4. Review Cloud Apps
The cloud has brought convenience but also potential new risks. Ensure that the permissions and functionality of cloud applications are understood and that the risks associated with cloud implementations are recognized. Regularly review and update cloud implementations for functionality and security standards.

By following these tips, you can enhance your security posture and better protect your organization from sophisticated cyber threats. Stay vigilant and proactive in safeguarding your digital assets.
