
Microsoft Attack: How can PAM help me?

Mar 25, 2022 | BLOG

Each day more news of cyber attacks comes up in the media, involving everything from Small and Medium Enterprises (SMEs) to large business conglomerates. These attacks can have several motivations: some serve only as a warning for organizations to raise their cybersecurity maturity; others steal data to resell it on the Deep Web, cause harm to the organization, or carry out extortion. This is in addition to the operational and reputational losses that organizations can suffer, which can be incalculable. It is important to emphasize that cybersecurity risks are increasingly tied to business risks, and must be considered by senior management when defining their business strategies.

The Lapsus$ cyber gang has been doing quite a bit of damage these past few days. Okta and Microsoft are among the targets of successful attacks by DEV-0537, as the gang is called by the developer of Windows. Do you want to understand how the attacks on Microsoft and Okta occurred, and how the attacks could be prevented or minimized? Read this article until the end and we will explain.

Lapsus$ started its activities targeting organizations in the UK and South America. The cyber gang then expanded its actions to global targets, including government, technology, telecom, media, retail and healthcare. In both Microsoft and Okta cases, the malicious attackers used privileged credentials to carry out their attacks. According to the Verizon 2021 Data Breach Investigations Report, 61% of cyberattacks involved privileged credentials. But why are high-privilege credentials among cybercriminals’ favorite targets?

Well, the main reason for the high rate of attacks through privileged credentials is that they allow the execution of a whole series of administrative activities in the environment. Transferring resources in an ERP system or changing the settings of a firewall or email server are some of the activities that can be performed using this type of credential. It's no wonder they're also called "keys to the kingdom": privileged credentials give unlimited access to your organization's most critical devices, applications, and data.

It is also worth remembering that Lapsus$ uses Social Engineering as a technique to gain access to privileged credentials, a technique present in 35% of cyber attacks according to the Verizon report. Techniques used by Lapsus$ include SIM Swapping, paying employees and third parties in exchange for their credentials or configured MFAs, and Social Engineering over the phone.

In the case of Okta, according to its CSO, the malicious attackers had access to a support engineer's device during a six-day window, between January 16 and 21, 2022. Also according to the Okta executive, the cyber attack affected a low percentage of customers – approximately 2.5%, or 400 customers.

Microsoft's investigation of the incident found a compromised privileged account, which allowed access to their environment. However, the malicious attackers were not able to access personal data, such as customer data, but they did have access to the company's source code, although Microsoft does not consider this fact serious.


To help organizations manage and protect their privileged credentials, there is Privileged Access Management, or PAM. According to Gartner, PAM solutions help organizations provide privileged access to critical assets and achieve compliance by managing and monitoring privileged accounts and access.

Also according to Gartner, it is impossible to manage privileged access risks without specific Privileged Access Management tools. But how can the senhasegura PAM security platform help prevent, detect and remediate cyberattacks such as those that occurred with Okta and Microsoft?

senhasegura offers an approach based on the privileged access lifecycle, covering the actions performed before, during and after access.

Initially, senhasegura offers Credential Management features, which allow a user to view the password of a credential in order to access a device or application. senhasegura also allows you to configure criteria for password change, such as number of uses, a specific date and time, or elapsed time.
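The three rotation criteria named above (number of uses, a specific date and time, elapsed time) can be expressed as a small policy evaluator. The code below is an added illustration and is not senhasegura's implementation; the policy and credential types, the field names and the sample dates are all hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass
class RotationPolicy:
    """Hypothetical rotation policy: any criterion that is set and met forces a password change."""
    max_uses: Optional[int] = None          # rotate after this many password views
    rotate_at: Optional[datetime] = None    # rotate at a specific date and time
    max_age: Optional[timedelta] = None     # rotate once this much time has elapsed


@dataclass
class Credential:
    name: str
    last_changed: datetime
    uses_since_change: int = 0


def rotation_reasons(cred: Credential, policy: RotationPolicy, now: datetime) -> List[str]:
    """Return every criterion that is currently met (empty list means no rotation is due)."""
    reasons = []
    if policy.max_uses is not None and cred.uses_since_change >= policy.max_uses:
        reasons.append(f"used {cred.uses_since_change} times (limit {policy.max_uses})")
    if policy.rotate_at is not None and now >= policy.rotate_at and cred.last_changed < policy.rotate_at:
        reasons.append(f"scheduled rotation at {policy.rotate_at.isoformat()} has passed")
    if policy.max_age is not None and now - cred.last_changed >= policy.max_age:
        reasons.append(f"password age {(now - cred.last_changed).days} days exceeds {policy.max_age.days} days")
    return reasons


def checkout(cred: Credential, policy: RotationPolicy, now: datetime) -> List[str]:
    """A user views the password: count the use, then report whether rotation is now due."""
    cred.uses_since_change += 1
    return rotation_reasons(cred, policy, now)


def run_scenario():
    """Constructed sample: one credential viewed three times, rotated, then left to age."""
    policy = RotationPolicy(max_uses=3, rotate_at=datetime(2022, 3, 20, 12, 0),
                            max_age=timedelta(days=30))
    cred = Credential(name="svc-erp-admin", last_changed=datetime(2022, 3, 1))
    first = checkout(cred, policy, datetime(2022, 3, 10))     # use 1: nothing due
    second = checkout(cred, policy, datetime(2022, 3, 11))    # use 2: nothing due
    third = checkout(cred, policy, datetime(2022, 3, 12))     # use 3: use limit reached
    cred = Credential(name="svc-erp-admin", last_changed=datetime(2022, 3, 13))  # after rotation
    later = rotation_reasons(cred, policy, datetime(2022, 3, 21))   # scheduled date has passed
    stale = rotation_reasons(cred, policy, datetime(2022, 4, 15))   # also 33 days old
    return first, second, third, later, stale
```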

senhasegura also offers Remote Session Management functionality, which adds a layer of security beyond credential management alone. In this case, senhasegura records and stores all remote sessions carried out through the solution.

senhasegura's Threat and Behavior Analysis allows identifying and responding to any change in users' behavior patterns and access profiles. When suspicious access is detected, the LiveStream functionality allows the Information Security team to monitor all actions performed by the user, and to block or interrupt the session in case of suspicious behavior.

All actions performed by users through remote sessions on senhasegura are logged. The Security team is therefore able to search for specific commands executed by a user, making it easy to find potentially malicious ones.
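The kind of review described above can be shown on a handful of recorded session lines: a plain command search, plus a watchlist pass that flags commands and the sessions that accumulate them. This is an added example, not senhasegura's code or log format; the line layout, the watchlist rules and the log entries are all constructed.

```python
import re
from collections import Counter

# Constructed line layout (hypothetical, not a real PAM export format).
LINE_RE = re.compile(r'^(?P<ts>\S+) session=(?P<session>\d+) user=(?P<user>\S+) '
                     r'target=(?P<target>\S+) cmd="(?P<cmd>.*)"$')

# Illustrative watchlist: rule name -> pattern on the recorded command text.
WATCHLIST = {
    "credential-store-read": re.compile(r"\b(cat|less|cp|scp)\b.*/etc/shadow"),
    "account-creation": re.compile(r"\b(useradd|adduser)\b|\bnet user\b.*\s/add\b"),
    "audit-tampering": re.compile(r"\bauditctl\s+-e\s+0\b|\bhistory\s+-c\b|\bunset\s+HISTFILE\b"),
}

SAMPLE_LOG = """\
2022-03-18T10:02:11Z session=1042 user=jdoe target=erp-app-01 cmd="systemctl status erp"
2022-03-18T10:03:40Z session=1042 user=jdoe target=erp-app-01 cmd="tail -n 50 /var/log/erp.log"
2022-03-18T22:14:05Z session=1077 user=jdoe target=erp-db-01 cmd="cat /etc/shadow"
2022-03-18T22:14:30Z session=1077 user=jdoe target=erp-db-01 cmd="useradd -m -G sudo svc-backup2"
2022-03-18T22:15:02Z session=1077 user=jdoe target=erp-db-01 cmd="history -c"
""".splitlines()


def parse(lines):
    """One dict per well-formed line; malformed lines are skipped rather than guessed at."""
    return [m.groupdict() for m in map(LINE_RE.match, lines) if m]


def search_commands(lines, needle):
    """Plain search, as an analyst would run it: every recorded command containing `needle`."""
    return [e for e in parse(lines) if needle in e["cmd"]]


def review(lines, watchlist=WATCHLIST):
    """Match every recorded command against the watchlist; findings carry the matching rule."""
    return [{**e, "rule": rule}
            for e in parse(lines)
            for rule, pattern in watchlist.items()
            if pattern.search(e["cmd"])]


def sessions_to_escalate(lines, watchlist=WATCHLIST, threshold=2):
    """Sessions with at least `threshold` findings: candidates for live monitoring or termination."""
    hits = Counter(f["session"] for f in review(lines, watchlist))
    return sorted(s for s, n in hits.items() if n >= threshold)
```

Against the constructed log, the daytime session 1042 produces no findings, while the late-night session 1077 triggers all three rules and is the one the team would pull up for review.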

Finally, senhasegura offers senhasegura Domum, which provides secure remote access for employees and third parties based on Zero Trust, without the need for additional configuration such as a VPN, and without access to the PAM solution itself. All of this comes with the security features already offered by the PAM platform.

We have seen that when it comes to cybersecurity, the question is not "if" an attack will occur, but when. Many of these cyberattacks involve privileged credentials, also called "keys to the kingdom". According to Gartner, it is impossible to manage the risks associated with privileged access without specific tools. senhasegura offers a complete PAM platform, which covers the entire privileged access lifecycle. In this way, it is possible to quickly detect potentially malicious actions, which reduces operational costs in addition to supporting compliance with regulatory requirements and security policies.
