Security News > 2021 > March > Microsoft shares detection, mitigation advice for Azure LoLBins

Microsoft shares detection, mitigation advice for Azure LoLBins
2021-03-09 18:05

Attackers can abuse a wide range of Window legitimate tools, including but not limited to Microsoft Defender, Windows Update, and even the Windows Finger command.

While being legitimately used by thousands of admins each day for managing their organizations' Azure fleets, their capabilities can also be used for malicious purposes, including circumventing network defense lines.

Custom Script Extensions were used by threat actors to deploy cryptominers on the networks of multiple Microsoft customers "From different countries within a noticeably short timeframe."

VMAccess and Antimalware extensions can be abused to tamper with service users and disable real-time protection capabilities.

To detect such malicious behavior in your organization, Microsoft recommends using Azure Defender for Resource Manager, which keeps track of Azure management operations and alerts you if it spots suspicious activity.

"Every request to the Azure Resource Manager Endpoint on management.azure.com is logged and analyzed to reveal malicious intentions and threats," Pliskin said.


News URL

https://www.bleepingcomputer.com/news/security/microsoft-shares-detection-mitigation-advice-for-azure-lolbins/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399