
Microsoft Attack: How can PAM help me?

by | Mar 25, 2022 | BLOG

Every day, more news of cyber attacks appears in the media, with victims ranging from Small and Medium Enterprises (SMEs) to large business conglomerates. These attacks can have several motivations: they may serve only as alerts for organizations to increase their cybersecurity maturity; steal data to resell it on the Deep Web; cause harm to the organization; or carry out extortion. This is in addition to the operational and image losses that organizations can suffer, which can be incalculable. It is important to emphasize that cybersecurity risks are increasingly associated with business risks, and must be considered by senior management when defining their business strategies.

The Lapsus$ cyber gang has been doing quite a bit of damage these past few days. Okta and Microsoft are among the targets of successful attacks by DEV-0537, as the gang is called by the developer of Windows. Do you want to understand how the attacks on Microsoft and Okta occurred, and how the attacks could be prevented or minimized? Read this article until the end and we will explain.

Lapsus$ started its activities targeting organizations in the UK and South America. The cyber gang then expanded its actions to global targets, including government, technology, telecom, media, retail and healthcare. In both Microsoft and Okta cases, the malicious attackers used privileged credentials to carry out their attacks. According to the Verizon 2021 Data Breach Investigations Report, 61% of cyberattacks involved privileged credentials. But why are high-privilege credentials among cybercriminals’ favorite targets?

Well, the main reason for the high rate of attacks through privileged credentials is that they allow the execution of a series of administrative activities in the environment. Transferring resources in an ERP system or changing the settings of a firewall or email server are some of the activities that can be performed using this type of credential. It’s no wonder they’re also called “keys to the kingdom”: privileged credentials give you unlimited access to your organization’s most critical devices, applications, and data.

It is also worth remembering that Lapsus$ uses Social Engineering as a technique to gain access to privileged credentials; according to the Verizon report, Social Engineering is used in 35% of cyber attacks. Techniques used by Lapsus$ include SIM Swapping, paying employees and third parties in exchange for their credentials or configured MFAs, and Social Engineering over the phone.

In the case of Okta, according to its CSO, the malicious attackers had access to a device of a Support engineer in a time window of six days, between January 16 and 21, 2022. Also according to the Okta executive, the cyber attack affected a low percentage of customers – approximately 2.5% or 400 customers.

Microsoft’s investigation of the incident found a compromised privileged account, which allowed access to their environment. However, the malicious attackers were not able to access personal data, such as customer data, but they did have access to the company’s source code, although Microsoft does not consider this fact serious.


To help organizations manage and protect their privileged credentials, there is Privileged Access Management, or PAM. According to Gartner, PAM solutions help organizations provide privileged access to critical assets and achieve compliance by managing and monitoring privileged accounts and access.

Also according to Gartner, it is impossible to manage privileged access risks without specific Privileged Access Management tools. But how can the senhasegura PAM security platform help prevent, detect and remediate cyberattacks such as those that occurred with Okta and Microsoft?

senhasegura offers an approach based on the privileged access lifecycle, covering the actions performed before, during and after access.

Initially, senhasegura offers Credential Management features, which allow the user to view the password of a credential to access a device or application. senhasegura also allows you to configure criteria for password change, such as number of uses, specific date and time, or elapsed time.

senhasegura also offers Remote Session Management functionality, which further increases security compared with pure credential management. In this case, senhasegura records and stores all remote sessions carried out through the solution.

senhasegura’s Threat and Behavior Analysis allows the identification of, and response to, any change in behavior patterns and user access profiles. When suspicious access is detected, the LiveStream functionality allows the Information Security team to monitor all actions performed by the user and to block or interrupt the session in case of suspicious behavior.

All actions performed by users through remote sessions on senhasegura are logged. In this case, the Security team is able to search for specific commands performed by the user, allowing them to easily find potentially malicious ones.

Finally, senhasegura offers senhasegura Domum, which provides secure remote access for employees and third parties, providing Zero Trust-based access without the need for additional configuration, such as VPN, or access to the PAM solution. All of this comes with the security features already offered by the PAM platform.

We have seen that when it comes to cybersecurity, the question is not “if” the attack will occur, but “when”. Many of these cyberattacks involve privileged credentials, also called “keys to the kingdom”. According to Gartner, it is impossible to manage the risks associated with privileged access without specific tools. senhasegura offers a complete PAM platform, which covers the entire privileged access lifecycle. In this way, it is possible to quickly detect potentially malicious actions, thus allowing the reduction of operational costs in addition to compliance with regulatory requirements and security policies.
