"Our internal systems showed no evidence of unauthorised access or compromise in any on-premises and production environments," Marcin Kleczynski, Co-Founder and CEO of Malwarebytes, wrote.

A flaw in Azure Active Directory discovered in 2019 allows attackers to abuse third-party applications to gain access to tenants, Kleczynski said. The attacker is believed to have abused applications with privileged access to Microsoft Office 365 and the Azure cloud computing environment to breach Malwarebytes. The threat actors may have obtained initial access, with sufficient administrative privileges, through password guessing and password spraying. In Malwarebytes' case, the attacker added a self-signed digital certificate as a credential on a service principal account. This allowed the attacker to authenticate with the corresponding private key and to make API calls requesting emails through the Microsoft Graph API. Malwarebytes does not use the SolarWinds Orion network monitoring tool that was compromised in the supply chain attack discovered last year.

How did this security breach impact Malwarebytes?

Malwarebytes has clarified that there is no linkage between its incident and the original breach at SolarWinds. The breach, as it quickly found out, came from a dormant Office 365 security app. Malwarebytes also realised it was not the only company targeted in this campaign. In fact, Microsoft itself was in the process of revising the security measures of its Office 365 and Azure services, because these showed signs of intrusion. The intrusion was carried out through Office 365 apps abused by the SolarWinds hackers, who have become infamous in the security world as UNC2452 or Dark Halo.

Malwarebytes originally became aware of the breach through Microsoft's Security Response Center (MSRC) in December 2020. MSRC already suspected illicit activity being carried out by taking advantage of dormant Office 365 security apps. Soon after learning of the breach, Malwarebytes launched a full-scale internal investigation to assess exactly how much damage it had caused. The investigation soon revealed that Dark Halo had only managed to get into a small number of internal email accounts.

Taking its cue from the SolarWinds breach, which had severely impacted SolarWinds' supply chain products, Malwarebytes also performed a stringent audit of its own products and source code; that audit found no evidence of unauthorised access or compromise in its on-premises and production environments, Kleczynski said.

The group UNC2452, or Dark Halo, has been very active. Its main aim is to extract email communication by monitoring routine weekly emails and operational patterns, and it relies on a malicious payload only as a last resort. Its preferred way of gaining access was to breach email accounts protected by multi-factor authentication (MFA) by bypassing MFA altogether, using trickery and weaknesses in how email servers handled user sessions. Post-attack logs from some of the companies struck by Dark Halo show the attackers requesting a login with legitimate email IDs, lifted from monitored email communication, and getting in without ever providing the one-time password (OTP) that MFA required. In the SolarWinds breach, Dark Halo also tampered with Microsoft Exchange's data handling to steal email IDs, which it then used to gain illegal access to the mailboxes.

Why Strong Email Security Matters

Reading about these cases, it should be apparent that you can do everything right and still fall prey to an attack. This happens not because of cracks in how email service providers enforce security, but because they add protection layers starting from the data and only then move up to the application and the users. Logix believes that stronger, more intuitive gatekeeping is a much better practice, one that stops email threats at the point of entry itself. This is how our Email ATP service has been designed, and it has been stopping email threats efficiently for the 19+ years we have been in the security industry.
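The service principal abuse described above (a certificate added as a credential on an existing app, which then authenticates and pulls mail through Microsoft Graph) leaves a trace in the Azure AD directory audit log as an "Add service principal credentials" event. What follows is an added example, not code from Logix, Malwarebytes or Microsoft: a small triage script that runs over constructed audit records, a constructed table of last sign-in times and a constructed map of Graph application permissions, and flags credential additions that fit the Dark Halo pattern, namely a certificate credential, an app that had been dormant before the change, or an app that holds mail permissions. The record layout follows the Microsoft Graph directoryAudit resource (activityDisplayName, initiatedBy, targetResources, modifiedProperties); the exact serialisation of the KeyDescription value, the 90-day dormancy window, the sample values and all helper names are assumptions.

```python
"""Triage 'Add service principal credentials' events from the Azure AD audit log.

Added example with constructed data: not a real tenant, and not Logix or
Malwarebytes code. Record shape follows the Microsoft Graph directoryAudit
resource; the KeyDescription serialisation and every sample value are assumed.
"""
import json
import re
from datetime import datetime, timedelta, timezone

TARGET_ACTIVITY = "Add service principal credentials"
DORMANT_DAYS = 90                                    # assumed: no sign-in for 90 days before the change
MAIL_PERMISSIONS = {"Mail.Read", "Mail.ReadWrite"}   # Graph application permissions that expose mailboxes
KEY_TYPE_RE = re.compile(r"KeyType=(\w+)")

# Constructed directory audit records (shape of GET /auditLogs/directoryAudits).
AUDIT_RECORDS = json.loads(r"""[
  {"activityDisplayName": "Add service principal credentials",
   "activityDateTime": "2020-12-15T03:12:44Z",
   "initiatedBy": {"user": {"userPrincipalName": "it-admin@contoso.example"}},
   "targetResources": [{"type": "ServicePrincipal", "id": "sp-1111",
     "displayName": "Legacy Security Connector",
     "modifiedProperties": [{"displayName": "KeyDescription",
       "newValue": "[KeyIdentifier=a1b2c3,KeyType=AsymmetricX509Cert,KeyUsage=Verify,DisplayName=CN=selfsigned]"}]}]},
  {"activityDisplayName": "Add service principal credentials",
   "activityDateTime": "2020-12-15T09:00:00Z",
   "initiatedBy": {"user": {"userPrincipalName": "it-admin@contoso.example"}},
   "targetResources": [{"type": "ServicePrincipal", "id": "sp-2222",
     "displayName": "HR Directory Sync",
     "modifiedProperties": [{"displayName": "KeyDescription",
       "newValue": "[KeyIdentifier=d4e5f6,KeyType=Password,KeyUsage=Verify,DisplayName=rotation-2020-12]"}]}]},
  {"activityDisplayName": "Add service principal credentials",
   "activityDateTime": "2020-12-16T11:30:00Z",
   "initiatedBy": {"app": {"displayName": "Azure DevOps"}},
   "targetResources": [{"type": "ServicePrincipal", "id": "sp-3333",
     "displayName": "Mail Archiver",
     "modifiedProperties": [{"displayName": "KeyDescription",
       "newValue": "[KeyIdentifier=0a0b0c,KeyType=AsymmetricX509Cert,KeyUsage=Verify,DisplayName=CN=archiver]"}]}]},
  {"activityDisplayName": "Remove service principal credentials",
   "activityDateTime": "2020-12-16T12:00:00Z",
   "initiatedBy": {"user": {"userPrincipalName": "it-admin@contoso.example"}},
   "targetResources": [{"type": "ServicePrincipal", "id": "sp-2222",
     "displayName": "HR Directory Sync", "modifiedProperties": []}]}
]""")

# Constructed context: last successful sign-in per service principal (from the
# sign-in logs) and the Graph application permissions each one has been granted.
LAST_SIGNIN = {"sp-1111": "2020-03-01T08:00:00Z",   # silent since spring: dormant
               "sp-2222": "2020-12-14T22:10:00Z",
               "sp-3333": "2020-12-15T23:59:00Z"}
APP_PERMISSIONS = {"sp-1111": {"Mail.Read", "User.Read.All"},
                   "sp-2222": {"User.Read.All"},
                   "sp-3333": {"Mail.ReadWrite"}}


def parse_time(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def key_type(record):
    """Return the KeyType (AsymmetricX509Cert, Password, ...) from the KeyDescription property."""
    for target in record["targetResources"]:
        for prop in target.get("modifiedProperties", []):
            if prop["displayName"] == "KeyDescription":
                match = KEY_TYPE_RE.search(prop.get("newValue") or "")
                if match:
                    return match.group(1)
    return "Unknown"


def actor(record):
    """Who made the change: a user principal name, or the app that did it on their behalf."""
    who = record["initiatedBy"]
    if who.get("user"):
        return who["user"]["userPrincipalName"]
    return "app:" + who.get("app", {}).get("displayName", "?")


def is_dormant(sp_id, at, last_signin=LAST_SIGNIN, window_days=DORMANT_DAYS):
    """True when the service principal had no sign-in within window_days before the change."""
    last = last_signin.get(sp_id)
    return last is None or at - parse_time(last) > timedelta(days=window_days)


def triage(records=AUDIT_RECORDS, last_signin=LAST_SIGNIN, permissions=APP_PERMISSIONS):
    """Return findings for credential additions that match the Dark Halo pattern."""
    findings = []
    for rec in records:
        if rec["activityDisplayName"] != TARGET_ACTIVITY:
            continue
        sp = next(t for t in rec["targetResources"] if t["type"] == "ServicePrincipal")
        when = parse_time(rec["activityDateTime"])
        reasons = []
        if key_type(rec) == "AsymmetricX509Cert":
            reasons.append("certificate-credential")
        if is_dormant(sp["id"], when, last_signin):
            reasons.append("dormant-app")
        if permissions.get(sp["id"], set()) & MAIL_PERMISSIONS:
            reasons.append("mail-access")
        if not reasons or reasons == ["certificate-credential"]:
            continue   # a routine cert rotation on an active app without mail rights is not worth a ticket
        severity = "high" if {"dormant-app", "mail-access"} <= set(reasons) else "medium"
        findings.append({"sp_id": sp["id"], "app": sp["displayName"], "actor": actor(rec),
                         "key_type": key_type(rec), "reasons": reasons, "severity": severity})
    return findings


if __name__ == "__main__":
    for f in triage():
        print(f"{f['severity']:6} {f['app']:25} by {f['actor']:28} {', '.join(f['reasons'])}")
```

On the constructed data the dormant "Legacy Security Connector", which received a self-signed certificate and already held Mail.Read, comes out as high severity, while a certificate rotation on the active "Mail Archiver" is reported at medium and a plain secret rotation on a non-mail app is ignored. In a real tenant the records come from `GET /auditLogs/directoryAudits` filtered on `activityDisplayName eq 'Add service principal credentials'`, and the sign-in and permission tables from the service principal sign-in logs and app role assignments; the dormancy check is what separates an attacker reviving an unused app from an administrator doing routine rotation.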