Security News > 2021 > January > Malwarebytes says its Office 365, Azure tenancies have been breached, insists its tools are still safe to use

Security company Malwarebytes suspects a breach of its Office 365 and Azure tenancies is by the same attacker behind the SolarWinds hack, but reckons flaws in Azure Active Directory security are also to blame.

Malwarebytes, whose products include widely used anti-malware tools for consumers and businesses, said that it does not use SolarWinds but believes that the same attacker used "Another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments".

"In my opinion, it shouldn't be possible to assign credentials to first-party Microsoft applications. The Azure portal doesn't offer this option and does not display these 'backdoor' service principals credentials, but the APIs such as the Microsoft Graph and Azure AD Graph have no such limitations." He reported the issue to Microsoft but was told that it was documented behaviour and therefore not a vulnerability.

In a report from March 2019, Mollema showed how an AD Connect server can be exploited to gain full privileges on Azure AD. Symantec has recently reported on the "Raindrop" malware, which it believes is sometimes deployed by a compromised SolarWinds installation.

Securing Azure AD is challenging and MalwareBytes references the CrowdStrike tool as useful for mitigation.

Microsoft's hybrid approach to the cloud increases the number of possible attacks, but without Microsoft's security intelligence tools picking up suspicious activity, Malwarebytes might still be unaware of the breach of its systems.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/01/20/malwarebytes_reports_breach_of_its/