Israeli cyberark unveils a breach of Microsoft's cloud infrastructure, also affecting Office users • Hacked reported to Microsoft and repaired
A breach in the cloud infrastructure. Microsoft headquarters in Redmond Washington // Photo: Getty Images
Israeli cyber company CyberArk has revealed a serious security breach that allows casual attackers to infiltrate the cloud infrastructure of companies and organizations using Microsoft Azure.
By hacking, you can gain access to Microsoft cloud users' servers and sensitive applications, including Office 365 users. In aggregate these are hundreds of millions of end users.
A breach, known as BlackDirect, allows an attacker to steal a user's identity without the user feeling it. When it comes to business users, an attacker can gain privileges for users with authority, especially IT professionals, through which their accounts can perform a variety of devastating actions, from deleting all users in the organization, by adding users with non-existent admin privileges, stealing the most sensitive information assets in the organization, and disabling them. Of the entire cloud environment of that organization.
According to the attack technique, an attacker exploits the security breach through a malicious link he sends to the attacker, clicking on the link will automatically pass the attacked user's identity to the attacker without the need to run a code. Another technique to exploit a breach is when an attacker successfully takes over a credible site in the eyes of the user, and the security breach allows an attacker to steal the identity of the users who are browsing the site.
After identity theft, the user is automatically redirected to a site he or she knows to be untrustworthy and does not know that he has been attacked. According to Omar French, a researcher at Cybark Labs: "The potential for attack that we detected is particularly high because it allows to bypass the two-step authentication mechanism (MFA) in Microsoft cloud, since the weakness steals the digital entity already verified by the system, after the two-step password and authentication" .
Following Cyberark's appeal, Microsoft fixed the loophole.
Microsoft response not yet received. We will update when you are accepted.
