Identity Protection Action Items Following Midnight Blizzard Attack

Home » Blog » Identity Protection Action Items Following Midnight Blizzard Attack

In light of the Midnight Blizzard’s attack, it’s evident that our cybersecurity strategies must evolve to keep pace with the sophisticated tactics employed by nation-state actors. This particular breach, initiated through a password spray attack on a legacy, non-production test tenant, underscores several critical areas for immediate action and reflection within our cybersecurity practices:

Enhanced Focus on Multi-factor Authentication (MFA)

While Microsoft now enforces MFA by default to bolster security, this incident accentuates the need for organizations to meticulously review all existing tenants, including older ones, to ensure they are also protected by MFA. It’s a stark reminder that legacy systems and configurations can provide inadvertent backdoors to attackers, making it imperative that we extend modern security measures retrospectively across all digital assets.

Test Tenant Overprivileges

A critical lapse identified in the attack was the excessive permissions granted to a test tenant, which inadvertently allowed access to Microsoft’s corporate environment. This incident emphasizes the necessity of stringent monitoring and restriction of permissions for OAuth apps and other integrations within both production and non-production environments. Ensuring that test tenants adhere to the principle of least privilege and are segregated from production systems is vital in minimizing the risk of such breaches.

The Deceptive Nature of Phishing

Seeing that business email of such security aware companies can be compromised, reminds us all to not view the email address as proof for the authenticity of an email. Even if you receive legitimately looking email from companies you trust, remember that it’s always possible that they’ve been hacked. So avoid entering your credentials when clicking on email links. Also be careful opening files received by email. Instead – use your browser to sign in by typing in the address yourself – if you use Single Sign On it shouldn’t be too much of a hassle. If you need to receive files by email, verify it with the sender before opening, or open the files in a sandbox.

To learn more about how Silverfort takes identity protection where it has never gone before, request a demo.

Stop Identity Threats Now