Having "zero confidence" is for Microsoft the best protection against computer attacks


Microsoft's Secure Identity Director Alex Weinert defends the MFA system and "zero trusts" principles to block advanced computer attacks.

The variety of techniques used by hackers may suggest that we have no opportunity to protect our data and devices. However, when not cybersecurity experts indicate that there is no 100% secure system, program or products, they are giving us the key, distrust everything.

Microsoft's Director of Secure Identities Alex Weinert has published several recommendations on his blog for consumers and internet users to strengthen their security systems. The manager recommends that a"ZeroTrust" should be adopted, rejecting the assumption that everything within an IT network is secure.

Using Zero Trust principles to protect against sophisticated attacks like Solorigate - Microsoft Security

Both large companies and individual users should take for granted that they will be victims of some attack sooner or later and explicitly verify the security of users' accounts, terminal devices, network and other resources. This recommendation comes after the attack suffered by SolarWinds.

Organizations as relevant as the U.S. Treasury department and companies like FireEye were affected by the attack on SolarWinds. According to Reuters, those responsible for this threat were Russian hackers who managed to access internal mail from the U.S. Treasury and Commerce departments.

To achieve this they used what is known as "supply chain attack", a malicious code is hidden in the body from legitimate software updates provided to targets through the IT company, SolarWinds. Weiner adds that "known techniques such as password application, phishing or malware were used to compromise users' credentials and gave the attacker critical access to the client's network."

To protect against these techniques, Microsoft recommends the use of multi-factor authentication systems or MFA. The company claims that 99.9% of the compromised accounts it tracks each month do not use MFA. The objective of MFA protection mechanisms is to create a layered defence and make it difficult for unauthorized persons to access.

Multi-factor authentication combines two or more separate credentials: those known to the user, that is, the password; what the user has that could be a security token; and what that user is, biometric systems like the footprint or his face. In an earlier publication, Weinert explained which of these mechanisms was more robust.

Microsoft, FireEye confirm SolarWinds supply chain attack | ZDNet

Both SMS and voice calls are transmitted in clear text and can be easily intercepted by attackers. For this manager, hardware security keys are MFA's most secure system. These keys should always go with us as the keys to the house and use a unique cryptographic key to prove to any online service that we are the ones who want to access the account and not a stranger.

Weinert admits that the SolarWinds attack was a"truly significant and advanced attack," but these identification and security techniques can be of great help in significantly reducing the risk to cybercriminals. with these best practices.

Post a Comment