Microsoft Takes Serious Steps To Prevent Hackers From Stealing Credentials

To prevent threat actors from stealing access credentials, Microsoft has announced the implementation of video-based user verification for over 95 percent of its customers. This initiative comes in response to threats where attackers compromise user authentication through methods like password spraying, phishing, and token theft and replay.

According to the company’s September 2024 progress report on its Secure Future Initiative (SFI), after acquiring initial secrets or credentials, attackers often exploit vulnerabilities or errors in the implementation of non-standard and/or complex authentication protocols to move laterally and evade detection.

Additionally, Microsoft plans to introduce an update that will automatically rotate token signing keys without human intervention to avoid mishandling. These token signing keys are essential for authenticating tokens that contain information about a user's device, their access permissions, session data, and more.

Microsoft has also activated Purview features to prevent attackers from extracting sensitive information like passwords or tokens that could be reused in future attacks. The company has incorporated proprietary data into security tokens to thwart attempts at token forgery.

Microsoft has observed that, instead of directly targeting their primary objective, threat actors often gain initial access to a network and then navigate within it to achieve their goals without detection.

To minimize the potential attack surface, Microsoft has removed over 730,000 unused apps and deactivated 5.75 million inactive tenants. In this context, “tenants” refers to the suite of services assigned to Microsoft 365 customers. “We eliminated several classes of tools and business process blockers, enabling stricter enforcement of device security compliance standards, which impacted user access for over 75,000 users,” the report noted.

To bolster the protection of engineering systems against cyber threats, Microsoft has implemented “proof of presence checks for critical chokepoints in our software development code flow.”

Earlier this year, Microsoft Windows systems worldwide suffered a significant outage that disrupted critical infrastructure such as airports, banks, and hospitals. This widespread issue, which caused numerous Windows PCs and servers to display the blue screen of death (BSOD) upon restarting, was traced back to a faulty software update from cybersecurity firm CrowdStrike.

At its recent security summit, Microsoft announced plans to develop a new platform to cater to the needs of cybersecurity vendors like CrowdStrike, as the company is reportedly considering cutting off their kernel-level Windows access.