Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Azure. Show all posts
Phishing Campaign
Azure Cyber Security Honeypots Microsoft Phishing Campaign

Microsoft Builds Fictitious Azure Tenants to Lure Phishers to Honeypots

 

Microsoft employs deceptive tactics against phishing actors, creating realistic-looking honeypot tenants with Azure access and luring attackers in to gather intelligence on them. 

Tech giant can use the acquired data to map malicious infrastructure, gain a better understanding of sophisticated phishing operations, disrupt large-scale campaigns, identify hackers, and significantly slow their activity. 

Ross Bevington, a key security software engineer at Microsoft known as Microsoft's "Head of Deception," described the strategy and its negative impact on phishing activities at the BSides Exeter conference. 

Bevington developed a "hybrid high interaction honeypot" on the now-defunct code.microsoft.com to gather threat intelligence on actors ranging from rookie hackers to nation-state outfits targeting Microsoft infrastructure. 

Illusion of phishing success 

Currently, Bevington and his team combat phishing by employing deception techniques that exploit full Microsoft tenant environments as honeypots, which include custom domain names, thousands of user accounts, and activities such as internal communications and file-sharing. 

Companies or researchers often set up a honeypot and wait for threat actors to take note of it and take action. A honeypot not only diverts attackers from the real environment, but it also allows for the collection of intelligence on the tactics used to infiltrate systems, which can then be used to the legitimate network. 

In his BSides Exeter presentation, the researcher describes the active strategy as visiting active phishing sites identified by Defender and entering the honeypot renters' credentials. Because the credentials are not safeguarded by two-factor authentication and the tenants include realistic-looking information, attackers can easily get access and begin spending time hunting for evidence of a trap. 

Microsoft claims to monitor over 25,000 phishing sites every day, providing about 20% of them with honeypot credentials; the others are prevented by CAPTCHA or other anti-bot techniques. 

Once the attackers log into the fake tenants, which occurs in 5% of cases, extensive logging is enabled to follow every activity they perform, allowing them to learn the threat actors' methods, approaches, and procedures. IP addresses, browsers, location, behavioural patterns, whether they use VPNs or VPSs, and the phishing kits they employ are all part of the intelligence gathered. 

Furthermore, when attackers attempt to interact with the fake accounts in the environment, Microsoft blocks responses as much as feasible. The deception technology now takes an attacker 30 days to realise they have breached a fictitious environment. Microsoft has regularly gathered actionable data that other security teams could use to construct more complex profiles and better defences.
Read more »
Ransomware Gang
Armenia Cyber Security Azure Azure Storage Data Theft Ransomware Gang

Ransomware Outfits Are Exploiting Microsoft Azure Tool For Data Theft

 

Ransomware gangs like BianLian and Rhysida are increasingly using Microsoft's Azure Storage Explorer and AzCopy to steal data from compromised networks and store it in Azure Blob Storage. Storage Explorer is a graphical management tool for Microsoft Azure, whereas AzCopy is a command-line utility for large-scale data transfers to and from Azure storage. 

The stolen data in these attacks is thereafter kept in an Azure Blob container in the cloud, where threat actors can subsequently move it to their own storage, according to cybersecurity firm modePUSH's observations. 

However, the researchers observed that the perpetrators had to do additional work to make Azure Storage Explorer operate, such as installing prerequisites and upgrading.NET to version 8. This reflects the growing emphasis on data theft in ransomware operations, which is the primary leverage for threat actors in the subsequent extortion phase. 

Why Azure?

Though each ransomware gang has a unique set of exfiltration tools, they often use Rclone for syncing data with various cloud providers and MEGAsync for syncing with the MEGA cloud. 

Furthermore, Azure's scalability and efficiency, which allow it to manage massive volumes of unstructured data, are extremely useful when attackers want to exfiltrate large numbers of files in the least amount of time. 

ModePUSH claims to have noticed ransomware attackers employing numerous instances of Azure Storage Explorer to upload data to a blob container, hence speeding up the process. 

Uncovering ransomware exfiltration

The researchers discovered that the threat actors set the default 'Info' level logging while using Storage Explorer and AzCopy, which generates a log file at%USERPROFILE%\.azcopy. 

This log file is especially useful for incident responders since it contains information on file actions, allowing investigators to rapidly determine which data was stolen (UPLOADSUCCESSFUL) and which payloads were potentially injected (DOWNLOADSUCCESSFUL). 

Defence strategies include establishing alarms for odd patterns in file copying or access on crucial systems, monitoring for AzCopy execution, and tracking outbound network traffic to Azure Blob Storage endpoints at ".blob.core.windows.net" or Azure IP ranges. 

If an organisation already uses Azure, it is advised to use the 'Logout on Exit' feature, which will log users out automatically when they close the program, to stop hackers from stealing files with an ongoing session.
Read more »
Microsoft
Azure Data Breach data scam Data Theft Microsoft

Security researcher says Azure Tags are security threat but Microsoft disagrees

 

Tenable recently identified a notable security issue within Microsoft's Azure Network service tags. While Tenable classified this as a high-severity vulnerability, Microsoft disagreed with this classification. Despite their differences, both companies jointly disclosed the security issue on Monday. 

What is Azure? 

Azure is Microsoft's comprehensive public cloud platform, offering over 200 services. These include Platform as a Service (PaaS) for application development and operation, Infrastructure as a Service (IaaS) for virtual machines, networking, and storage, and Managed Database Services for simplified database management. Azure supports developers, IT professionals, and business owners, providing the tools to build, run, and manage applications across multiple environments, including on-premises and edge locations. This flexibility and scalability make Azure adaptable to a wide range of organizational needs. 

What is the Issue?

Azure service tags represent groups of IP addresses for various Azure services, streamlining the creation of access control rules. These tags can be used in firewall settings to permit traffic from specific Azure services. However, Tenable uncovered a serious flaw: attackers could potentially bypass firewall rules that rely exclusively on service tags by masquerading as trusted services. 

Specific Vulnerability Scenario 

The vulnerability arises under the following conditions: Inbound traffic is permitted through a service tag. Services allowing inbound traffic might let users control parts of web requests, such as the URL path or destination host. An attacker in one tenant (Tenant A) could exploit this to access resources in another tenant (Tenant B) if the target allows traffic from the service tag and lacks additional authentication methods. For example, Azure Monitor Availability Tests use the ApplicationInsightsAvailability service tag for synthetic monitoring. A malicious user could exploit this setup to access endpoints in a different subscription. 

What Customer Should do? 

Reviewing and Strengthening Security Posture Azure customers using service tags should reevaluate their network settings: Recognize that relying solely on service tags does not fully secure traffic. Implement additional authentication and authorization checks for enhanced security. Ensure appropriate security measures are in place to safeguard traffic between Azure tenants. Refer to Microsoft's updated best practices for service tags and specific service guidelines. Adhere to Azure security fundamentals to secure your Azure platform and infrastructure. Enable and configure suitable monitoring controls in Azure Monitor. Example Mitigation Strategy To protect against unauthorized traffic via the ApplicationInsightsAvailability service tag, customers can create a token and include it as an HTTP header in availability tests. Validate this HTTP header in incoming requests to authenticate traffic origins, rejecting any requests missing the custom header. 

Microsoft’s Response and Mitigation Following Tenable's report, 

Conducted an extensive review and search for similar vulnerabilities. 

Updated documentation for Azure services utilizing inbound service tags. 

Released best practices for service tags to aid users in securing their environments more effectively. 

This collaborative disclosure by Tenable and Microsoft underscores the importance for Azure customers to regularly review and enhance their network security configurations. Service tags should be integrated into a comprehensive security strategy that includes robust authentication and monitoring practices.
Read more »
Phishing Campaigns
Azure Phishing Attacks Phishing Campaigns

Phishing and Cloud Account Takeover Campaign Targeting Microsoft Azure Users

 


In a security breach, several Azure accounts were compromised, which resulted in the loss of important data from the users. A cyberattack was launched against senior executives in several major corporations and affected a variety of environments at the same time. 

In November 2023, Proofpoint, a cybersecurity company, discovered a harmful attack by combining cloud account takeover (ATO) with phishing techniques that would steal credentials from the victim. This attack used the same harmful campaign that was discovered by Proofpoint in November 2023. 

It is alleged that the hackers have used proxy services to get around geographical limitations and conceal their actual location, which would allow them to access both Office Home and Microsoft 365 applications at the same time. It is thought that the attackers used links in the papers that led to phishing websites to execute the attack. 

The anchor text for some of these links was “View document,” which made no sense to me as it did not imply anything about their real location. There was a well-planned attack that targeted both mid-level employees and senior employees, though a greater number of the former employees' accounts were hacked as a result. 

According to Proofpoint, CEOs, presidents, account managers, finance directors, vice presidents of operations, and sales directors were the most common targets. In this way, the attackers were able to gain access to information from all levels and domains of the organization. 

A cybercriminal will often use their own MFA (multifactor authentication) in these types of attacks to extend access to an account that has been compromised by the attackers. To prevent the user from regaining access, attackers add a second mobile number or set up an authentication app. To conceal their traces, attackers also destroy any evidence that suggests questionable behaviour. 

The most targeted positions were mid to senior-level, including sales directors, account managers, financial directors, operations vice presidents, and CEOs, among others. The attackers were able to gain access to a wide variety of organizational information as a result of this. 

As a result, the attackers have also instituted methods to maintain access, such as setting up a multi-factor authentication system and erasing all evidence of their intrusion. Data theft and financial fraud appear to be the primary goals of these attacks. 

It is not yet confirmed who the perpetrators are, although the evidence suggests that they will be located in Russia or Nigeria, and will use ISPs that are located in these countries.
Read more »
Software
Artifical Intelligence Azure Cloud Service cloud storage Cyber Security Encryption Microsoft SentineLabs Software

Microsoft's Rise as a Cybersecurity Powerhouse

Tech titan Microsoft has emerged as an unexpected yet potent competitor in the cybersecurity industry in a time of rapid digital transformation and rising cyber threats. The company has quickly evolved from its conventional position to become a cybersecurity juggernaut, meeting the urgent demands of both consumers and enterprises in terms of digital security thanks to its broad suite of software and cloud services.

Microsoft entered the field of cybersecurity gradually and strategically. A whopping $20 billion in security-related revenue has been produced by the corporation, according to recent reports, underlining its dedication to protecting its clients from an increasingly complicated cyber scenario. This unexpected change was brought on by many strategic acquisitions and a paradigm shift that prioritized security in all of its services.

The business has considerably improved its capacity to deliver cutting-edge threat information and improved security solutions as a result of its acquisition of cybersecurity businesses like RiskIQ and ReFirm Labs. Microsoft has been able to offer a comprehensive package of services that cover threat detection, prevention, and response by incorporating these cutting-edge technologies into its current portfolio.

The Azure cloud platform is one of the main factors contributing to Microsoft's success in the cybersecurity industry. As more companies move their operations to the cloud, it is crucial to protect the cloud infrastructure. Azure has been used by Microsoft to provide strong security solutions that protect networks, programs, and data. For instance, its Azure Sentinel service uses machine learning and artificial intelligence to analyze enormous volumes of data and find anomalies that could point to possible security breaches.

Furthermore, Microsoft's commitment to addressing cybersecurity issues goes beyond its own products. The business has taken the initiative to work with the larger cybersecurity community in order to exchange threat intelligence and best practices. Its participation in efforts like the Cybersecurity Tech Accord, which combines international tech companies to safeguard clients from cyber dangers, is an example of this collaborative approach.

Microsoft's success in the field of cybersecurity is not without its difficulties, though. The broader cybersecurity sector continues to be beset by a chronic spending issue as it works to strengthen digital defenses. Microsoft makes large investments in security, but many other companies find it difficult to set aside enough funding to properly combat attacks that are always developing.



Read more »
Windows Users
Azure Azure Attack Cyber Security Microsoft Windows Users

Microsoft’s Security Practices Under Fire: Is the Azure Platform Safe

Microsoft Azure

Allegations against Microsoft’s security practices

Microsoft has recently come under fire for its security practices, with critics claiming that the Azure platform is “worse than you think.” According to an article on TechSpot, Tenable CEO Amit Yoran has criticized Microsoft for its lax security practices and lack of transparency regarding breaches. He asserts that the Azure platform harbors serious vulnerabilities, about which Microsoft has deliberately kept its customers in the dark.

This is not the first time Microsoft has faced criticism for its security practices. In the past, the company has been accused of failing to protect user data adequately and of not being transparent about data breaches. In this case, Yoran claims that Microsoft needs to be more forthcoming about the extent of the vulnerabilities present in the Azure platform.

Implications for customers

The implications of these allegations are profound. If true, it would mean that Microsoft has knowingly put its customers at risk by failing to disclose vulnerabilities in its platform. This could expose sensitive data to hackers and other malicious actors, putting individuals and organizations at risk.

It is important to note that these allegations have not been proven and that Microsoft has not yet responded. However, if authentic, it would represent a significant breach of trust between Microsoft and its customers. Companies rely on cloud platforms like Azure to store and manage their data, and they expect these platforms to be secure and transparent about any potential risks.

Evaluating cloud security

In light of these allegations, it is essential for companies to evaluate their use of cloud platforms carefully and to ensure that they are taking appropriate measures to protect their data. This may include using additional security measures such as encryption and multi-factor authentication and regularly reviewing their cloud provider’s security practices.

The recent allegations against Microsoft regarding its security practices and the Azure platform are concerning. If true, they represent a significant breach of trust between Microsoft and its customers. It is essential for companies to evaluate their use of cloud platforms carefully and to take appropriate measures to protect their data. 

Read more »
Windows
Azure China CISA Cyber Security MFA Microsoft 365 Sensitive Data Leak User Data Windows

Microsoft Offers Free Security Features Amid Recent Hacks

Microsoft has taken a big step to strengthen the security of its products in response to the growing cybersecurity threats and a number of recent high-profile attacks. The business has declared that it will offer all users essential security features at no cost. Microsoft is making this change in an effort to allay concerns about the security of its platforms and shield its users from potential cyberattacks.

The Messenger, The Register, and Bloomberg all reported that Microsoft made the decision to offer these security capabilities free of charge in response to mounting demand to improve security across its whole portfolio of products. Recent cyberattacks have brought up important issues with data privacy and information security, necessitating the development of stronger protection methods.

A number of allegedly state-sponsored hacks, with China as a particular target, are one of the main drivers behind this tactical approach. Governments, corporations, and individual users all over the world are extremely concerned about these breaches since they target not only crucial infrastructure but also important data.

Improved encryption tools, multi-factor authentication, and cutting-edge threat detection capabilities are among the free security improvements. Users of Microsoft's operating systems, including Windows 10 and Windows 11, as well as cloud-based services like Microsoft 365 and Azure, will have access to these functionalities. Microsoft wants to make these crucial security features available to a broader variety of customers, independent of subscription plans, by removing the financial barrier.

Microsoft responded to the judgment by saying, "We take the security of our customers' data and their privacy extremely seriously. We think it is our duty to provide our users with the best defenses possible as threats continue to evolve. We believe that by making these security features available for free, more people will take advantage of them and improve their overall cybersecurity posture.

Industry professionals applaud Microsoft for choosing to offer these security measures without charge. This is a huge step in the right direction, said Mark Thompson, a cybersecurity analyst with TechDefend. Because these services are free, Microsoft is enabling its users to properly defend themselves against possible attacks as cyber threats become more complex.

The action is also in line with the work of other cybersecurity organizations, including the Cybersecurity and Infrastructure Security Agency (CISA), which has been promoting improved cooperation amongst IT businesses to battle cyber threats.

Although the choice definitely benefits customers, it also poses a challenge for other digital firms in the sector. Customers are expected to demand comparable initiatives from other big players in response to the growing emphasis on data security and privacy, driving the entire sector toward a more secure future.

Read more »
Privacy
Azure Business ChatGPT Cyberattacks Cybersecurity Microsoft OpenAI Privacy

Microsoft's Response to "Privacy-Concerns" of ChatGPT in Business

 


As a response to concerns over using individuals' data to train artificial intelligence models, Microsoft is considering launching a privacy-centric version of ChatGPT. There is a possibility that the decision will be attractive to industries such as healthcare, finance, and banking that have not adopted ChatGPT. This is because they are concerned that sensitive information will be shared with the system by their staff. This is due to the risk of sensitive information being shared. 

The use of ChatGPT has greatly benefited some businesses, especially banks and other corporations. However, these companies have resisted the adoption of the technology due to privacy concerns. They fear that their employees might unintentionally disclose confidential information while using it. 

By adding OpenAI's GPT-4 or ChatGPT to Azure, Microsoft wants to make it easier for enterprises to integrate proprietary data with user queries. In addition, Microsoft wants to see the results of its analytics on this platform. 

A user fires off a query to Azure; Microsoft's cloud determines what data is required to complete that query, so it is returned to the user as soon as possible. Using the question and the retrieving information, an initial query is created, which is then passed on to an OpenAI model of choice hosted in Azure. The model predicts an answer, which is sent back to the user. 

Some businesses have already become interested in the new artificial intelligence-powered chatbot to automate their business processes, but many others, such as banks, have opted against adopting it for fear that the chatbot will inadvertently give them proprietary information when used by their employees. 

According to reports, Microsoft, which holds the rights to resell the startup's technology, has a plan in place to get holdouts on board. 

As part of the AI tool, a separate version will operate on separate cloud servers. This version will be kept apart from other customers' data, to ensure privacy. Dedicated servers will store the data separately from the main ChatGPT system to ensure the privacy of the data stored on these dedicated servers. As a result, customers would have to pay up to 10 times more for private ChatGPT setup compared with the charges they face currently. 

It is also planned for OpenAI to launch an exclusive subscription service for businesses that will focus on privacy by not allowing users' data to be fed into those training models by default. 

Additionally, OpenAI has sold a private ChatGPT service to Morgan Stanley as part of its recent sales activity. A wealth management division of the bank can use this platform to ask questions and analyze thousands of market research documents that have been generated over the years by its wealth management division. Microsoft has already invested multi-year, multibillion-dollar amounts in OpenAI, which means that it can resell its products without violating any terms. 

In response to the voluminous data that ChatGPT gathered from numerous sources in its initial training and continues to collect from its users, there have been numerous privacy and regulatory concerns about ChatGPT since its release. Microsoft seems to have taken the opposite approach. Andy Beatman, senior product marketing manager of Azure AI, said that this enhanced data handover feature is among the most requested features among customers. 

As reported by The Register, the upcoming system, which will undergo a public preview after being released in the spring, operates on Azure for retrieving relevant data. This is so it can best satisfy the worker's request based on its internal data. 

Microsoft also explained that Azure OpenAI delivers insights based on the content and level of information provided by the user. Together with Azure Cognitive Search, this data can be retrieved for the user based on their input and conversation history. 

However, there is a drawback to this type of ChatGPT, which will come with a cost of deployment that will be higher than that of the public version, thus making it a rather high-priced option. Reports suggest that exclusive instances of ChatGPT could have a price tag that is up to 10 times more than what clients are currently paying for using a standard version of the software. 

As part of OpenAI's ongoing efforts to develop a similar offering to Microsoft's 'private' ChatGPT, the company will be releasing it in the "coming months." According to the company, by default, the subscription-based service will not use the input provided by employees and clients when training its language models. 

Since OpenAI was banned in Italy as a result of the chat history being used for training the AI model as part of the search engine results, an option has been added to shut off the chat history. A company spokesperson mentioned that ChatGPT now can turn off chat history and plans to introduce that soon. The conversations started during the period when chat history is disabled will not be used for training or improving their models, and will not appear in the sidebar of the history of the conversation. 

There is no doubt that Microsoft's AI-based privacy-centric service can be a game changer for businesses that receive and manage sensitive and important data. When Samsung found out that some of its employees were uploading company source code to the devices they use in the workplace, they banned them from using generational AI chatbots at work or on devices they use for their work. Several Microsoft representatives are already contacting organizations who could be interested in this upcoming product since many existing customers have contracts with Azure that could prove to be beneficial in securely managing data in the coming years.
Read more »
Subscribe to: Posts (Atom)