Microsoft: How 'zero trust' can protect against sophisticated hacking attacks
The variety of techniques used by the SolarWinds hackers was sophisticated yet in many ways also ordinary and preventable, according to Microsoft.
To prevent future attacks of similar levels of sophistication, Microsoft is recommending organizations adopt a "zero trust mentality", which disavows the assumption that everything inside an IT network is safe. That is, organizations should assume breach and explicitly verify the security of user accounts, endpoint devices, the network and other resources.
As Microsoft's director of identity security, Alex Weinert, notes in a blogpost, the three main attack vectors were compromised user accounts, compromised vendor accounts, and compromised vendor software. Thousands of companies were affected by the SolarWinds breach, disclosed in mid-December. The hackers, known as UNC2452/Dark Halo, targeted the build environment for SolarWinds' Orion software, tampering with the process when a program is compiled from source code to a binary executable deployed by customers.