Free Azure Security tools will be released by CrowdStrike

CrowdStrike, a Leading Cybersecurity Firm have been notified by Microsoft on the attempted made by the threat actors to access and read the organisations’ emails via Microsoft Azure Credentials that been compromised.

Micheal Sentonas, CrowdStrike CTO have been disclosed here that sound like belows:

Specifically, they identified a reseller’s Microsoft Azure account used for managing CrowdStrike’s Microsoft Office licenses was observed making abnormal calls to Microsoft cloud APIs during a 17-hour period several months ago. There was an attempt to read email, which failed as confirmed by Microsoft. As part of our secure IT architecture, CrowdStrike does not use Office 365 email

Microsoft has disclosed about the attack that been published this month where they explained how stolen a credentials and access tokens. The recommended to the organization that uses Azure and Azure Administrator to study deeply on how of the attack flow and how to discover any suspicious behaviour within the organization’s network

CrowdStrike have been analysed their Azure environment and it was deemed not been compromised by the attacks related to SolarWinds. The most challenging things found during their analysis is it’s hard to enumerate privileges that been allocated to their third-party resellers and partners

Sentonas have said that

We found it particularly challenging that many of the steps required to investigate are not documented, there was an inability to audit via API, and there is the requirement for global admin rights to view important information which we found to be excessive. Key information should be easily accessible

CrowdStrike Reporting Tool for Azure

Source: CrowdStrike Reporting Tool for Azure

The description for the tools is been taken from CrowdStrike Reporting Tool for Azure

Reference:

Author: Wan Ariff

He brings with him working experience in Information Security filed which specializing in Penetration Testing and Digital Forensic. His passion is more to IT Security

Leave a Reply

Your email address will not be published. Required fields are marked *