Posted on Jul 10, 2024
Russian hackers infiltrate Veterans Affairs via Microsoft account
Posted 5 mo ago
Responses: 1
Maj Kevin "Mac" McLaughlin
That's not how it works. Firewalls do not provide protection from compromised accounts as this breach indicated it was. Also “The attack was not the result of a vulnerability in Microsoft products or services,” Microsoft officials said in a January statement. Reading the article, it states this was a single compromised account in a test cloud environment, which says to me, whoopie doo! They were apparently able to compromise the account by using a password spray (a type of brute force) method, which is when the threat actor uses the same password on multiple accounts. There are detection methods for this, but it can unfortunately lead to far too many alerts (because this goes on ALL the time). So, the best the org can do is apply complexity requirements (15 char passwords using alphanumeric characters and special symbols) along with MFA on every account (regardless of the importance of the account). I would bet the regular VA environment does use those settings, and that an admin unfortunately decided to ignore using them for the test environment. So long as there are no trusted relationships from that env to another and nothing worth taking in the test env, this isn't much of a big deal. But the admin(s) should take note and be more vigilant since the report still reads "Russian Hackers Infiltrate the VA." That in itself will have the VA leadership going bonkers until someone explains it to them properly. The admins still need to be held accountable (not severely) and hopefully a lesson can be learned from it.
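Added example, not part of the comment above or of the article: a minimal password-spray detector run over constructed sign-in events. It flags a source by the number of distinct accounts it fails against in a time window, since a per-account failure counter sees only one failure per sprayed account. The log format, account names, addresses and thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events: timestamp, source IP, account, result. Not real data.
SAMPLE_LOG = """\
2024-01-12T03:00:05 203.0.113.7 alice FAIL
2024-01-12T03:02:10 203.0.113.7 bob FAIL
2024-01-12T03:03:40 198.51.100.20 frank FAIL
2024-01-12T03:03:55 198.51.100.20 frank FAIL
2024-01-12T03:04:15 203.0.113.7 carol FAIL
2024-01-12T03:04:30 198.51.100.20 frank FAIL
2024-01-12T03:05:02 198.51.100.20 frank SUCCESS
2024-01-12T03:06:20 203.0.113.7 dave FAIL
2024-01-12T03:08:25 203.0.113.7 erin FAIL
2024-01-12T03:10:30 203.0.113.7 test-admin SUCCESS
"""

def parse(log):
    events = []
    for line in log.splitlines():
        ts, src, user, result = line.split()
        events.append((datetime.fromisoformat(ts), src, user, result))
    return sorted(events)

def max_failures_per_account(events):
    """What a per-account counter sees: failures counted per account."""
    counts = defaultdict(int)
    for _, _, user, result in events:
        counts[user] += result == "FAIL"
    return dict(counts)

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5):
    """Flag sources whose failures hit >= min_accounts distinct accounts within window."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)
    alerts = {}
    for src, evs in by_src.items():
        fails = [(ts, u) for ts, _, u, r in evs if r == "FAIL"]
        for i, (start, _) in enumerate(fails):
            hit = {u for ts, u in fails[i:] if ts - start <= window}
            if len(hit) >= min_accounts:
                # A success from a flagged source is the account to triage first.
                ok = sorted({u for ts, _, u, r in evs if r == "SUCCESS" and ts >= start})
                alerts[src] = {"sprayed": sorted(hit), "succeeded": ok}
                break
    return alerts
```

The user who mistypes their own password three times (`frank`) is not flagged, which is how keying on distinct accounts per source keeps the alert volume down.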
Maj Kevin "Mac" McLaughlin
My pleasure... It's what I did in the Air Force and what I still do to this day in the private sector.