Security News
‘SolarWinds Hackers’ Now Hitting Resellers: 5 Things To Know
Michael Novinson
From leveraging anonymous infrastructure and taking advantage of delegated administrative privileges to gaining access to virtual machines, here’s how the group behind the SolarWinds attack is going after resellers.
4. Customers Must Limit Reseller Access, Permissions
Microsoft recommends that customers prioritize a thorough review and audit of channel partner relationships to minimize any unnecessary permissions between their organization and upstream partners. Customers should immediately remove access for any partner relationships that look unfamiliar or haven’t yet been audited, according to Microsoft.
Organizations should thoroughly review all tenant admin users and verify the authenticity of the users and activity. Microsoft said it encourages strong authentication for all tenant administrators, reviewing devices registered for use with multi-factor authentication, and minimizing the use of standing high-privilege access.
Customers should check audit logs on a regular basis to ensure that high-privilege user access isn’t granted or delegated to admin users who do not require these to do their job, Microsoft said. Organizations should work with their logging provider to understand their logging strategy for all administrative actions and establish a process should logs need to be made available during an incident.
