CrowdStrike releases free Azure security tool after attempted attack

December 28, 2020

Microsoft notified one of the most popular cybersecurity firm CrowdStrike that the company’s emails have been attempted to be read by cyber criminals through compromised by Microsoft Azure credentials. In the early of this month, the SolarWinds network management company was noticed being suffered a cyberattack where cyber offenders altered their software to install backdoors on customers’ networks through a supply chain attack.

This attack led the SolarWinds customers move quickly to analyze their networks to see if they were infected in the supply chain attack. After going through an investigation of their inside and production environment, CrowdStrike stated Thursday that they had not discovered any symbols that the SolarWinds breach affected them.

While performing their analysis, Microsoft told CrowdStrike on December 15th that a compromised Microsoft Azure reseller’s account was utilized to try and read CrowdStrike’s emails.

“Specifically, they identified a reseller’s Microsoft Azure account used for managing CrowdStrike’s Microsoft Office licenses was observed making abnormal calls to Microsoft cloud APIs during a 17-hour period several months ago. There was an attempt to read email, which failed as confirmed by Microsoft. As part of our secure IT architecture, CrowdStrike does not use Office 365 email,” revealed by CrowdStrike CTO Michael Sentonas.

After knowing about this attempted attack, CrowdStrike investigated their Azure environment and found it was not affected. Nevertheless, during this investigation, they found it difficult to use Azure’s administrative tools to catalog privileges assigned to third-party resellers and partners in their Azure tenant.

“We found it particularly challenging that many of the steps required to investigate are not documented, there was an inability to audit via API, and there is the requirement for global admin rights to view important information which we found to be excessive. Key information should be easily accessible,” Sentonas continued.

CrowdStrike Reporting Tool for Azure (CRT) tool has been released by CrowdStrike to help administrators study their Microsoft Azure environment and see what privileges are allocated to third-party resellers and partners.

More Stories

Windows 11 Update: Say Bye To These Features

June 25, 2021

Massachusetts MassNotify Android COVID App Forced By Google

June 21, 2021

What’s New With Microsoft Windows 10 Build 19043.1052

June 10, 2021

You may have missed

How to Remove AssuranceForcast Adware (Mac)

August 29, 2023

Be Vigilant Of The Messages Are Pending Due To Storage Error Email Scam

August 29, 2023

How to Remove Kmrox Ransomware And Recover .kmrox Files

August 29, 2023

How to Remove DontCryLol Ransomware And Recover Locked Files

August 29, 2023

How to Remove AssuranceCapture (Mac)

August 29, 2023