Skip to main content

Microsoft: How 'zero trust' can protect against sophisticated hacking attacks

posted onJanuary 21, 2021
by l33tdawg
Flickr
Credit: Flickr

The variety of techniques used by the SolarWinds hackers was sophisticated yet in many ways also ordinary and preventable, according to Microsoft.

To prevent future attacks of similar levels of sophistication, Microsoft is recommending organizations adopt a "zero trust mentality", which disavows the assumption that everything inside an IT network is safe. That is, organizations should assume breach and explicitly verify the security of user accounts, endpoint devices, the network and other resources.

As Microsoft's director of identity security, Alex Weinert, notes in a blogpost, the three main attack vectors were compromised user accounts, compromised vendor accounts, and compromised vendor software.  Thousands of companies were affected by the SolarWinds breach, disclosed in mid-December. The hackers, known as UNC2452/Dark Halo, targeted the build environment for SolarWinds' Orion software, tampering with the process when a program is compiled from source code to a binary executable deployed by customers.

Source

Tags

Security Microsoft

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th