How to Stay Secure Amid a Turbulent Security Forecast
Health Tech Magazine
The SolarWinds hack at the end of 2020 highlighted ways in which hackers can use compromised applications and forged security assertion markup language (SAML) tokens to move into cloud environments from on-premises systems, including Microsoft environments. The Cybersecurity and Infrastructure Security Agency (CISA) and US-CERT recently issued an alert warning about the malicious activity and providing information on how IT can secure on-premises and cloud systems to detect and prevent the threats.
The issues discovered with SAML tokens are not unique to Microsoft’s systems. SAML is an open standard that’s used to facilitate user logons to federated systems. Hackers were able to forge SAML tokens and impersonate users, including those with privileged access. Once hackers obtain privileged access to the Microsoft cloud, they can establish entry that is persistent and difficult to detect.
The built-in security and monitoring features in...