CrowdStrike Releases Free Azure Security Tool After Failed Hack

Leading cybersecurity firm CrowdStrike was notified by Microsoft that threat actors had attempted to read the company’s emails through compromised Microsoft Azure credentials.

Earlier this month, it was discovered that the SolarWinds network management company suffered a cyberattack where threat actors modified their software to install backdoors on customers’ networks via a supply chain attack.

Due to this attack, SolarWinds customers have been scrambling to analyze their networks to see if they were compromised in the supply chain attack.

After performing an analysis of their internal and production environment, CrowdStrike stated Thursday that they had found no signs that the SolarWinds breach impacted them.

Hackers compromised Microsoft reseller accounts

While performing their investigation, CrowdStrike was told by Microsoft on December 15th that a compromised Microsoft Azure reseller’s account was used to try and read CrowdStrike’s emails.

“Specifically, they identified a reseller’s Microsoft Azure account used for managing CrowdStrike’s Microsoft Office licenses was observed making abnormal calls to Microsoft cloud APIs during a 17-hour period several months ago. There was an attempt to read email, which failed as confirmed by Microsoft. As part of our secure IT architecture, CrowdStrike does not use Office 365 email,” CrowdStrike CTO Michael Sentonas disclosed.

A source familiar with the investigation told Reuters that the compromised reseller account had attempted to enable Office 365 ‘Read’ privileges to access CrowdStrike’s email. As CrowdStrike does not use Office 365, the attack failed.

Microsoft senior director Jeff Jones told Reuters that the hackers carried out this attack by stealing the credentials for the Microsoft reseller’s account rather than by exploiting vulnerabilities in Microsoft’s products or cloud services.

“Our investigation of recent attacks has found incidents involving abuse of credentials to gain access, which can come in several forms,” Jones told Reuters. “We have not identified any vulnerabilities or compromise of Microsoft product or cloud services.”

In two articles published this month, Microsoft disclosed how stolen credentials and access tokens are being used to target Azure customers. It is strongly recommended that Azure administrators review these articles to learn more about these attacks and discover anomalous behavior in their tenants.

CrowdStrike has stated that they do not know of any attribution or connection between their attempted hack and the attackers behind the SolarWinds attack.

CrowdStrike releases tool to analyze Azure tenants

After learning of this attempted attack, CrowdStrike analyzed their Azure environment and found it was not compromised. However, during this analysis, they found it challenging to use Azure’s administrative tools to enumerate privileges assigned to third-party resellers and partners in their Azure tenant.

“We found it particularly challenging that many of the steps required to investigate are not documented, there was an inability to audit via API, and there is the requirement for global admin rights to view important information which we found to be excessive. Key information should be easily accessible,” Sentonas continued.

To help administrators analyze their Microsoft Azure environment and see what privileges are assigned to third-party resellers and partners, CrowdStrike has released a free tool, the CrowdStrike Reporting Tool for Azure (CRT).

CrowdStrike Reporting Tool for Azure

This tool will analyze an Azure environment and create a report listing the following:

Exchange Online (O365):

  • Federation Configuration
  • Federation Trust
  • Client Access Settings Configured on Mailboxes
  • Mail Forwarding Rules for Remote Domains
  • Mailbox SMTP Forwarding Rules
  • Delegates with ‘Full Access’ Permission Granted
  • Delegates with Any Permissions Granted
  • Delegates with ‘Send As’ or ‘SendOnBehalf’ Permissions
  • Exchange Online PowerShell Enabled Users
  • Users with ‘Audit Bypass’ Enabled
  • Mailboxes Hidden from the Global Address List (GAL)

Azure AD:

  • Service Principal Objects with KeyCredentials
  • O365 Admin Groups Report
  • Delegated Permissions & Application Permissions

CrowdStrike has created full instructions on how to download and use this tool on their GitHub page.
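How a reviewer might triage a few of the report categories listed above (mailbox SMTP forwarding, ‘Full Access’ delegates, service principals with key credentials), as an added Python example that is not CrowdStrike’s code and not part of the original article. The rows are constructed, and the field names, tenant domain and 30-day window are assumptions, not CRT’s output format.

```python
from datetime import datetime, timedelta, timezone
TENANT_DOMAINS = {"example.com"}  # assumption: domains this tenant owns
MAIL_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send"}  # Graph mail permissions

# Constructed sample rows; field names are illustrative, not CRT's output format.
MAILBOXES = [
    {"upn": "alice@example.com", "forward_smtp": None,
     "full_access": ["helpdesk@example.com"]},
    {"upn": "cfo@example.com", "forward_smtp": "smtp:archive@mail.example.net",
     "full_access": []},
    {"upn": "svc-sync@example.com", "forward_smtp": None,
     "full_access": ["partner-admin@reseller.example.org"]},
]
SERVICE_PRINCIPALS = [
    {"name": "License Manager", "app_permissions": ["Mail.Read"],
     "key_credentials": [{"added": "2020-12-01T09:00:00+00:00"}]},
    {"name": "HR Portal", "app_permissions": ["User.Read.All"], "key_credentials": []},
]

def is_external(address):
    """True when the address's domain is not one the tenant owns."""
    domain = address.split(":")[-1].rsplit("@", 1)[-1].lower()
    return domain not in TENANT_DOMAINS

def review_mailboxes(mailboxes):
    """Flag SMTP forwarding and Full Access delegation that leave the tenant."""
    findings = []
    for mb in mailboxes:
        if mb["forward_smtp"] and is_external(mb["forward_smtp"]):
            findings.append((mb["upn"], "external-forwarding", mb["forward_smtp"]))
        for delegate in mb["full_access"]:
            if is_external(delegate):
                findings.append((mb["upn"], "external-full-access", delegate))
    return findings

def review_service_principals(principals, now, recent_days=30):
    """Flag principals with mail permissions whose key credential was added recently."""
    findings = []
    for sp in principals:
        scopes = sorted(MAIL_SCOPES & set(sp["app_permissions"]))
        for cred in sp["key_credentials"]:
            age = now - datetime.fromisoformat(cred["added"])
            if scopes and timedelta(0) <= age <= timedelta(days=recent_days):
                findings.append((sp["name"], "recent-key-with-mail-access", ",".join(scopes)))
    return findings

if __name__ == "__main__":
    as_of = datetime(2020, 12, 20, tzinfo=timezone.utc)  # constructed review date
    print(review_mailboxes(MAILBOXES) + review_service_principals(SERVICE_PRINCIPALS, as_of))
```

The domain match is exact, so subdomains the tenant owns must be listed in `TENANT_DOMAINS` or they will be reported as external.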
