Hybrid Workplace Cybersecurity: Prevent Data Breaches & Phishing Attacks
Microsoft 365 | 03/03/25


As businesses embrace hybrid work, cybersecurity challenges have continued to grow across home offices and corporate networks. With sensitive data flowing between locations and malicious actors constantly seeking new vulnerabilities, organizations must strengthen their security practices to protect against evolving cyber threats. 

Critical Identity Compromise Issues

To mitigate cybersecurity threats in a hybrid work environment, three critical identity compromise issues must be addressed: password attacks, multifactor authentication attacks, and post-authentication attacks.

Password Cybersecurity Attacks

The three most common password attack tactics are password spray, phishing, and breach replay. Millions of these attacks occur daily across Microsoft systems, and Microsoft says it deflects 1,000 password attacks per second. A 2023 Microsoft report found that 99.9% of targeted accounts don’t have multi-factor authentication (MFA) enabled, making the issue worse.

These attacks are relatively easy to perform and effective when they succeed. They involve guessing common passwords, convincing a team member to enter their password at a fake website, or relying on pervasive password reuse, which makes them a favorite tactic of ransomware operators.
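A defender can spot the password-spray pattern described above in sign-in logs: one source failing against many accounts while keeping attempts per account low. The following is an added example, not code from the original post or from Microsoft; the event tuple layout, thresholds, user names and documentation-range IP addresses are all constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events (time, source IP, user, result); not real data.
EVENTS = [
    ("2025-03-03T09:00:00", "203.0.113.7", "alice", "fail"),
    ("2025-03-03T09:02:00", "203.0.113.7", "bob", "fail"),
    ("2025-03-03T09:04:00", "203.0.113.7", "carol", "fail"),
    ("2025-03-03T09:06:00", "203.0.113.7", "dave", "fail"),
    ("2025-03-03T09:08:00", "203.0.113.7", "erin", "fail"),
    ("2025-03-03T09:10:00", "203.0.113.7", "frank", "success"),
    ("2025-03-03T09:12:00", "203.0.113.7", "grace", "fail"),
    # One user mistyping a password: many tries, a single account.
    ("2025-03-03T09:01:00", "198.51.100.20", "heidi", "fail"),
    ("2025-03-03T09:01:30", "198.51.100.20", "heidi", "fail"),
    ("2025-03-03T09:02:10", "198.51.100.20", "heidi", "fail"),
    ("2025-03-03T09:03:00", "198.51.100.20", "heidi", "success"),
]

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_tries=2):
    """Flag sources that fail against many accounts with few tries per account."""
    by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        by_ip[ip].append((datetime.fromisoformat(ts), user, result))
    findings = {}
    for ip, rows in by_ip.items():
        rows.sort()
        fails = [(t, u) for t, u, r in rows if r == "fail"]
        start, since, targets = 0, None, set()
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1
            tries = Counter(u for _, u in fails[start:end + 1])
            # Spray shape: wide (many accounts) and shallow (stays under lockout).
            if len(tries) >= min_accounts and max(tries.values()) <= max_tries:
                since = since or fails[start][0]
                targets |= set(tries)
        if targets:
            # Any success from the spraying source is a likely guessed password.
            hits = sorted({u for t, u, r in rows if r == "success" and t >= since})
            findings[ip] = {"targets": sorted(targets), "succeeded": hits}
    return findings

if __name__ == "__main__":
    print(detect_spray(EVENTS))
```

Accounts listed under `succeeded` are the ones to prioritize for password reset and session revocation, since the success came from the same source that was spraying.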

“Driving more multifactor authentication is the most important thing we can do for the ecosystem,” wrote Alex Weinert, Vice President of Identity Security at Microsoft, in a January 2023 post. “If you aren’t yet requiring multifactor authentications for all users, enable it.”

Today’s MFA uses apps, tokens, or the device itself for authentication. It is included in all SKUs, requires no additional management, and integrates deeply with Entra ID, unlike older, clunkier MFA products, which were bought and deployed separately and required copying codes and answering multiple prompts.

MFA Cybersecurity Attacks

While multifactor authentication deflects many of the common identity compromises discussed above, cyber attack risks don’t end there. MFA attacks aren’t as easy as password attacks: they require more time, effort, and attacker investment.

Examples of MFA attacks include: 

  • Telephone vulnerability attacks and session hijacking

  • Phishing attacks

  • “Griefing” attacks, also known as multifactor authentication hammering (MFA fatigue)

Unlike password attacks, which number in the thousands per second, MFA attacks have been detected in the thousands monthly, according to Microsoft, yet they continue to rise. The right MFA product is essential to mitigate these attacks, particularly in a hybrid work environment.

Microsoft recommends:

  • Authenticator

  • Windows Hello

  • FIDO

Organizations that currently have a PIV and CAC (personal identity verification card or common access card) infrastructure may employ Entra ID certificate-based authentication (CBA). 
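The MFA fatigue ("griefing") pattern listed above can also be detected from authentication logs: a burst of denied or unanswered push prompts for one user, which is most serious when it ends in an approval. This is an added example, not code from the original post or from Microsoft; the log layout, the outcome labels (`denied`, `timeout`, `approved`), the thresholds and the user names are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed MFA push-prompt log (time, user, outcome); not real data.
PROMPTS = [
    ("2025-03-03T02:10:00", "bob", "denied"),
    ("2025-03-03T02:10:40", "bob", "timeout"),
    ("2025-03-03T02:11:15", "bob", "denied"),
    ("2025-03-03T02:12:05", "bob", "timeout"),
    ("2025-03-03T02:12:50", "bob", "approved"),   # user gives in after the burst
    ("2025-03-03T08:59:00", "alice", "timeout"),  # missed one prompt, then approved
    ("2025-03-03T09:00:10", "alice", "approved"),
    ("2025-03-03T14:00:00", "carol", "denied"),
    ("2025-03-03T14:01:00", "carol", "denied"),
    ("2025-03-03T14:03:00", "carol", "denied"),   # burst, but never approved
    ("2025-03-03T10:00:00", "dave", "denied"),    # isolated denials hours apart
    ("2025-03-03T13:00:00", "dave", "denied"),
    ("2025-03-03T16:00:00", "dave", "denied"),
]

def detect_mfa_fatigue(prompts, window=timedelta(minutes=10), threshold=3):
    """Return {user: verdict} for users hit by a burst of unapproved prompts."""
    per_user = defaultdict(list)
    for ts, user, outcome in prompts:
        per_user[user].append((datetime.fromisoformat(ts), outcome))
    verdicts = {}
    for user, rows in per_user.items():
        recent = deque()  # times of unapproved prompts still inside the window
        for t, outcome in sorted(rows):
            while recent and t - recent[0] > window:
                recent.popleft()
            if outcome == "approved":
                # An approval right after a burst suggests the user was worn down.
                if len(recent) >= threshold:
                    verdicts[user] = "approved_after_burst"
                recent.clear()
            else:
                recent.append(t)
                if len(recent) >= threshold:
                    verdicts.setdefault(user, "burst")
    return verdicts

if __name__ == "__main__":
    print(detect_mfa_fatigue(PROMPTS))
```

A `burst` verdict means the password is probably already known to someone else and should be reset; `approved_after_burst` additionally calls for revoking the user's active sessions.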

Post-Authentication Cybersecurity Attacks 

While pre-authentication attacks focus on gaining unauthorized access to a user’s account, post-authentication attacks occur after a user has successfully logged into a system. In these attacks, bad actors exploit vulnerabilities within an active session to gain unauthorized access or escalate privileges. The primary methods of post-authentication attacks include:

  1. Session Hijacking: The most well-known form of post-authentication attack, session hijacking involves attackers stealing session tokens, unique identifiers that authenticate users after login. By acquiring these tokens, attackers can impersonate the user without needing their credentials.

  2. API Key Exploitation: Attackers target API keys because they are commonly used in most applications for authentication. Attackers who gain access to exposed or poorly secured API keys can manipulate system functions, extract data, or execute unauthorized actions.

  3. OAuth Token Misuse: OAuth tokens facilitate third-party application access to user data. Targeting OAuth tokens would allow attackers to access sensitive data.

Zero Trust principles are essential to mitigate token theft and OAuth phishing campaigns. These include:

  • Authenticating and authorizing based on all available data points

  • Using least-privilege access with just-in-time (JIT) and just-enough-access (JEA), as well as risk-based adaptive policies 

  • Assuming breach, minimizing blast radius, and segmenting access

Microsoft Defender: A Hybrid Cybersecurity Essential

Remote or hybrid work isn’t going away, and neither are ransomware attacks. Microsoft Defender is a tried-and-tested way for companies to protect themselves from these threats. With hybrid security solutions like Defender for Endpoint, Defender for Cloud, and Defender for Identity, businesses can safeguard devices, cloud environments, and identities from evolving cyber risks. By regularly checking the status of your Microsoft Defender Antivirus on all devices, running the latest Defender iteration, and customizing your security rules, you can significantly reduce the chances of your company falling victim to a cybersecurity event.

Partner with Trusted Tech Team today to equip your business with the right cybersecurity resources and ensure your sensitive data stays protected against evolving threats. Get a Microsoft 365 Security Consultation today.
