SPOT Cybersecurity Tip: Microsoft Midnight Blizzard Attack Shows Complex Passwords & MFA Still Matter

Check out more SPOT Cybersecurity Tips!
Click to read more SPOT Cybersecurity Tips!

You might remember in our last SPOT Cybersecurity Tips newsletter the story of how Microsoft made headlines in mid-January when they released their research into the Midnight Blizzard intrusion into their environment. Midnight Blizzard, if you need a refresher, is a state-sponsored Russian group responsible for the SolarWinds attack. They’re a very advanced threat actor. What makes this topic so interesting is that their attack didn’t rely on a zero-day, or really that complex of an attack vector. Microsoft had a legacy non-production account in a tenant that didn’t have a complex password or multifactor authentication (MFA) enabled, allowing the threat actor to conduct a password spray attack and compromise the account. They were then able to pivot internally and read a set of targeted email accounts. If there’s one thing to remember, it’s that criminals are lazy – why use a zero-day exploit when you can just password spray and get in that way?

In the Microsoft attack, complex, unique passwords and MFA would have increased the barrier to entry for both attacks. While no cybersecurity strategy is foolproof, increasing the barrier to entry for attackers can reduce the potential for an attack. So, to summarize:

  • Enable complex, unique passwords for everything. Password managers make this a breeze, and biometric authentication helps quite a bit to reduce attack surfaces as well!
  • Enable MFA across the board. Multifactor authentication comes with its own problems, but reducing the ability for an attacker to gain access to accounts is what matters during incidents.

Want to learn more about how to reduce your cyber risk? Reach out for a complimentary Cybersecurity Discovery Call.