When it comes to data security, a threat is any potential danger to information or systems. A threat could be an intruder accessing the network through a port on the firewall, a process accessing data in a way that violates the security policy, a tornado wiping out a facility, or an employee making an unintentional mistake that could expose confidential information or destroy a file’s integrity.
It’s critical for every business to understand its risk. An important step in data security is to identify potential threats, classify them by category, and evaluate the damage potential to the company. Use this checklist to understand common data threats and assess how they may affect your business. Unfortunately, one of the biggest tech companies, Microsoft, has failed to secure our data and identities and has exposed many companies and organizations to hacker attacks and bugs.
Identity Exploitation Attack
The threat landscape is more sophisticated than ever and damages have soared: the Federal Bureau of Investigation’s 2021 IC3 report found that the cost of cybercrime now totals more than USD 6.9 billion. To counter these threats, Microsoft is continuously aggregating signal and threat intelligence across the digital estate, which is enabling us to track threat actors much more closely and to better understand their behavior over time.
At the moment, Microsoft tracks 35 ransomware families, and more than 250 unique nation-states, cybercriminals, and other threat actors. Our cloud also processes and analyzes more than 43 trillion security signals every single day. This massive amount of intelligence derived from our platform and products gives us unique insights to help protect customers from the inside out. In addition, our acquisition of RiskIQ just over a year ago has allowed us to provide customers with unique visibility into threat actor activity, behavior patterns, and targeting.
Customers can also map their digital environment and infrastructure to view their organization as an attacker would. That outside-in view delivers even deeper insights to help organizations predict malicious activity and secure unmanaged resources.
Incompetent Security Protocols
Last year proved to be somewhat of a security annus horribilis for tech giant Microsoft, with numerous vulnerabilities impacting several of its leading services, including Active Directory, Exchange, and Azure. Microsoft is no stranger to being targeted by attackers seeking to exploit known and zero-day vulnerabilities, but the rate and scale of the incidents it has faced since early March have put the tech giant on its back foot for at least a moment or two.
In the most recent attack, security researchers flagged a notorious cyberespionage group with ties to the Russian government deploying a new backdoor designed to exploit Active Directory Federation Services (AD FS) and steal configuration databases and security token certificates. Microsoft attributed the malware program FoggyWeb to the group NOBELIUM (also known as APT29 or Cozy Bear), which is believed to be behind the SUNBURST backdoor.
And dozens of other such attacks have been made in the past year or so and almost no companies had any effective vulnerability. As the incidents of the last several months show, Microsoft services remain a significant target for attack and exploitation, while vulnerabilities within them continue to come to light.
“Microsoft apps and systems continue to be high-value targets for hackers because they are so widely deployed across the globe,”
Another such incident happened recently, when Microsoft warned of a remote code execution vulnerability (CVE-2021-40444) impacting MSHTML (aka Trident) that was being actively exploited in the wild. Trident is a proprietary browser engine for the Microsoft Windows version of Internet Explorer and was under threat from attacks using specially crafted Microsoft Office documents hosting the browser rendering engine.
“The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights,” Microsoft wrote.
Exploitation was described as low in complexity and repeatable, with the capability to impact resources beyond the security scope managed by the security authority of the vulnerable component. Microsoft released security updates to address the vulnerability on September 14 and urged customers to keep anti-malware products up to date.