
‘SolarWinds Hackers’ Now Hitting Resellers: 5 Things To Know

From leveraging anonymous infrastructure and taking advantage of delegated administrative privileges to gaining access to virtual machines, here’s how the group behind the SolarWinds attack is going after resellers.

5. Delegated Administrative Privileges Difficult To Find

The SVR has taken advantage of delegated administrative privileges in its latest campaign against resellers, leveraging that access to extend downstream attacks through externally facing VPNs or unique tools that enable network access, Microsoft said. This attack path has been used to obtain access to both on-premises and cloud victim environments, according to Carmakal.

“These delegated administrative privileges are often neither audited for approved use nor disabled by a service provider or downstream customer once use has ended, leaving them active until removed by administrators,” the Microsoft Threat Intelligence Center (MSTIC) wrote in a blog post Monday.

Starting in November, Microsoft said a new reporting tool will be available that identifies and displays all active delegated administrative privilege connections to help companies discover unused connections. This tool will provide reporting that captures how partner agents are accessing client tenants through these privileges and will allow partners to remove the connection when not in use, Microsoft said.

 
 