CrowdStrike releases free Azure security tool after attempted attack
Microsoft notified CrowdStrike, one of the most popular cybersecurity firms, that cyber criminals had attempted to read the company’s emails using compromised Microsoft Azure credentials. Earlier this month, the network management company SolarWinds was found to have suffered a cyberattack in which the attackers altered its software to install backdoors on customers’ networks, a supply chain attack.
This attack led SolarWinds customers to move quickly to analyze their networks and see whether they had been infected through the supply chain attack. After investigating its internal and production environments, CrowdStrike stated Thursday that it had not discovered any indications that the SolarWinds breach affected it.
While CrowdStrike was performing its analysis, Microsoft told the company on December 15th that a compromised Microsoft Azure reseller’s account had been used to try to read CrowdStrike’s emails.
“Specifically, they identified a reseller’s Microsoft Azure account used for managing CrowdStrike’s Microsoft Office licenses was observed making abnormal calls to Microsoft cloud APIs during a 17-hour period several months ago. There was an attempt to read email, which failed as confirmed by Microsoft. As part of our secure IT architecture, CrowdStrike does not use Office 365 email,” said CrowdStrike CTO Michael Sentonas.
After learning of this attempted attack, CrowdStrike investigated its Azure environment and found it was not affected. Nevertheless, during this investigation, the company found it difficult to use Azure’s administrative tools to catalog the privileges assigned to third-party resellers and partners in its Azure tenant.
“We found it particularly challenging that many of the steps required to investigate are not documented, there was an inability to audit via API, and there is the requirement for global admin rights to view important information which we found to be excessive. Key information should be easily accessible,” Sentonas continued.
CrowdStrike has released the CrowdStrike Reporting Tool for Azure (CRT) to help administrators review their Microsoft Azure environments and see what privileges are allocated to third-party resellers and partners.