This blog was written by an independent guest blogger.
In March 2021, cybersecurity researcher Le Xuan Tuyen found a security bug in Microsoft Exchange Server. The vulnerability, dubbed ProxyToken, lets attackers bypass the authentication process to access victims’ emails and configure their mailboxes.
Normally, Exchange uses two sites, a front and back end, to authenticate users. However, its Delegated Authentication feature places the responsibility for authentication solely on the back end. ProxyToken sends an authentication request with a non-empty SecurityToken cookie to trigger this feature. Since the back end isn’t configured to handle authentication under default settings, the attacker’s requests bypass authentication altogether.
For this to work, attackers must already have an account on that Exchange server, minimizing its danger. However, insider threats are always possible. Attackers could then use this method to gain information to form phishing attacks, which caused more than $1.7 billion in losses in 2019.
In light of this threat and others like it, here’s how companies can better secure their user authentication protocols.
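The trigger described above, a request carrying a non-empty SecurityToken cookie, is something defenders can look for in web server logs. The Python check below is an added example, not code from the original article or from Microsoft. It assumes W3C extended logs with the optional cs(Cookie) field enabled and a server where Delegated Authentication is not in use, so the cookie is unexpected; the sample rows, paths and addresses are constructed.

```python
# Constructed sample rows (not real traffic); paths and addresses are made up.
# Assumption: W3C extended logging with the optional cs(Cookie) field enabled.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip cs(Cookie) sc-status
2021-09-01 09:00:01 GET /mail/inbox alice 10.0.0.5 session=abc123 200
2021-09-01 09:00:07 POST /mail/settings - 10.0.0.9 session=zz9;+SecurityToken=x 200
2021-09-01 09:00:09 GET /mail/inbox bob 10.0.0.6 SecurityToken=;+session=def456 200
2021-09-01 09:00:12 GET /mail/inbox carol 10.0.0.7 - 200
2021-09-01 09:00:15 POST /mail/settings - 10.0.0.9 securitytoken=abc 302
"""


def parse_cookies(raw):
    """Split a logged Cookie header; the log writes spaces as '+' and empty as '-'."""
    if raw in ("", "-"):
        return {}
    cookies = {}
    for part in raw.split(";"):
        name, _, value = part.lstrip("+ ").partition("=")
        if name:
            cookies[name] = value
    return cookies


def find_security_token_requests(log_text, cookie_name="SecurityToken"):
    """Return requests whose cookie_name is non-empty (name matched case-insensitively)."""
    wanted = cookie_name.lower()
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
            continue
        if not line or line.startswith("#") or "cs(Cookie)" not in fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed or truncated row
        row = dict(zip(fields, values))
        for name, value in parse_cookies(row["cs(Cookie)"]).items():
            if name.lower() == wanted and value:
                hits.append({k: row[k] for k in fields
                             if k in ("date", "time", "c-ip", "cs-username", "cs-uri-stem")})
                break
    return hits


if __name__ == "__main__":
    for hit in find_security_token_requests(SAMPLE_LOG):
        print(hit)
```

A hit is a lead for review, not proof of compromise; correlate it with mailbox configuration changes made around the same time.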
Monitor user behavior
User authentication should go beyond a simple username and password. Traditional measures like this are vulnerable and can’t account for attacks like ProxyToken that bypass authentication stops. One helpful solution is to monitor user behavior.
Continuous monitoring will establish a baseline for each user’s typical behavior. With this information, companies can implement behavioral biometrics, which authenticates people based on their use patterns. Abnormal behavior, like trying to configure someone else’s inbox as ProxyToken attacks may do, will raise a red flag.
This monitoring is also a critical part of contextual permissions, a central tenet of zero-trust security. These measures go beyond traditional authentication to find and address attacks like ProxyToken.
Use multifactor authentication
Another important step is to enable multifactor authentication. Single authentication methods, whether they be a password or something else, are vulnerable to attacks like ProxyToken. Using more than one method ensures that if an attacker gets past one barrier, they still can’t infiltrate the system.
Microsoft itself emphasizes that MFA can stop 99.9% of account compromise attacks, which ProxyToken may start as. In addition to being highly effective, MFA is also cost-free and easy to implement, making it an ideal security measure.
Authentication and authorization aren’t the same, and remembering that is key to avoiding threats like ProxyToken. An attacker may use ProxyToken or a similar method to bypass authentication, but tighter controls can still mitigate damage.
As a refresher, authentication determines if users are who they say they are, while authorization handles permissions. Restricted authorization protocols like least-privilege access controls limit the authorization any one user has. Consequently, an attacker that bypasses the authentication stage will still have limited access, minimizing their potential for destruction.
Keep software updated
Though it may seem obvious, businesses should also remember to keep their software as up to date as possible. Researchers discovered ProxyToken in March, and Microsoft had patched the vulnerability by July. A simple software update will keep Exchange servers safe from these attacks.
While software updates may not seem like a critical issue, many organizations fall behind in this area, leaving them vulnerable. Almost one-third of global businesses have suffered a data breach due to an unpatched vulnerability. It stands to reason that enabling automatic updates and monitoring for vulnerabilities will prevent a considerable amount of cyberattacks.
Secure authentication protocols are essential
Cybercriminals are always finding new methods like ProxyToken to bypass businesses’ security systems. As these threats rise, organizations must take a more proactive approach to security, including stronger authentication protocols.
User authentication must go beyond a simple username and password. Cybercriminals today are sophisticated, requiring multistage methods like MFA and continuous monitoring to stop them. If businesses can tighten their authentication and authorization controls, they can eliminate many of the threats they face.