Название: Securing Microsoft 365
Автор: Joe Stocker
Издательство: Publishing Xpert
Год: 2021
Страниц: 270
Язык: английский
Формат: pdf, epub
Размер: 12.6 MB

Learn how to defend against the top cybersecurity threats targeting Microsoft 365 including attacks on Identity, Email and Devices.

Network Firewalls have been the de facto security perimeter since they were invented in the late 1980s. If a firewall blocked all incoming traffic from the internet, then the level of difficulty for the hacker was significant. So, what changed? As organizations began adopting Cloud Computing in general, or Software as a Service (SaaS) in particular, the security perimeter shifted to the credentials used to authenticate to internet-connected systems. More than 80% of breaches in the present era can be traced to a guessed or stolen password. Attacks have now shifted to target the identity of users, as there are now less than 5 percent breaches involving exploitation of a software vulnerability. Ten years ago, an email address was typically different from the username, and so when organizations started moving to the cloud, they changed the username to equal the email address. This one change reduced the number of factors for an attacker to guess by 50 percent.

For Microsoft 365, the username is the email address, and for 90 percent of all M365 users, it is protected by a single factor (a password). This is a HUGE problem because anyone with an internet connection can attempt to guess the password of nearly any account. While Azure Active Directory has a configurable lockout policy (the default is to lock the account after 10 failed attempts), clever attackers are using global botnets to perform password sprays in parallel, at a rate of 4,000 guesses per hour. This is due to the Githubification[8] of security tools, where junior-level hackers can leverage code written by skilled programmers (in the 2000’s they were called “script kiddies”). Various studies have found that users will click on around 20 percent to 50 percent of phishing emails designed to trick the user into giving away their username and password.

Another thing that changed was the aggregation of password dumps for sale in dark corners of the internet, making it simple for newbie hackers to perform more effective targeted attacks using “credential stuffing tools[9]” such as Snipr or Hydra. These are automated credential verification tools that take some of the 11 billion passwords dumped[10] from all the hacked websites over the years and target a list of popular websites like Microsoft 365 or Google. These tools leverage a human weakness known as password recycling, where we often reuse the same password on sites like Netflix with other websites such as Spotify. If one of these sites is hacked and the credentials are obtained, hackers load these passwords into tools to see what other websites the email address and password combination will work on.

Are Network Firewalls still important? Absolutely! Researchers at the University of Maryland purposefully placed vulnerable computers on the Internet to see how often they would be attacked and observed one attack every 39 seconds.