Using Zero Trust to protect against Solorigate
Over the last month the Solorigate supply chain attack has been at the forefront of the news within the IT industry. This was a sophisticated supply chain attack that utilised malicious SolarWinds files to potentially give nation state actors access to victims' networks. The uniqueness of this attack was the breadth of tactics used to penetrate, expand across, and persist in affected infrastructure.
What we have learned as an industry is that although Zero Trust would not have stopped the Solorigate attack or other sophisticated attacks, it would have helped dampen the capabilities of such an attack. With a Zero Trust mentality, organisations become more resilient, consistent and responsive to new attacks, but gaps in the application of the principles can still be exploited by actors.
I have recently come across a blog from Alex Weinert, Partner Director of Identity Security at Microsoft. This discusses how Zero Trust could protect against these sophisticated attacks.
Some of the key takeaways are that although the attack was sophisticated in its nature, the actual tactics, techniques, and procedures (TTPs) were very ordinary. This is evidenced by the methods that compromised the identity environment: known techniques like password spraying, phishing, or malware were used to compromise user credentials and gain access to critical networks. Also, where the actor succeeded, highly privileged vendor accounts lacked protections.
Add to that the fact that user and vendor accounts had broad role assignments and permissions that exceeded the role requirements, and that abandoned accounts and applications had permissions they shouldn't have. This enabled the attacks to progress.
Take into account the 3 core principles of Zero Trust: Verify Explicitly, Least Privileged Access and Assume Breach. If the first principle had been implemented fully, the attack would have been significantly reduced in risk or mitigated through the application of security best practices. This highlights that one of the first actions you should take on your Zero Trust journey is the enablement of Multi Factor Authentication (MFA); this significantly reduces the probability of account compromise, by more than 99.9%.
Zero Trust: Microsoft Step by Step
With the products included in the Microsoft 365 suite of tools, it's very easy to start that journey down the roadmap to Zero Trust.
Thanks to Alex Weinert for the great blog - Using Zero Trust principles to protect against sophisticated attacks like Solorigate - Microsoft Security