In order to prevent threat actors from stealing access credentials, Microsoft said that it has rolled out video-based user verification for over 95 per cent of its customers. The tech giant is taking these measures in light of threat actors compromising user authentication through techniques such as password spray, phishing, and token theft and replay. “After their initial secret or credential acquisition, attackers will often exploit vulnerabilities or errors in implementation of non-standard and/or complex authentication protocols to move laterally and avoid detection,” the company said in the September 2024 progress report on its Secure Future Initiative (SFI). Microsoft also said that it will roll out an update for automatically rotating token signing keys with no human interaction to prevent mishandling. Token signing keys are used to authenticate tokens that carry information about a user’s device, the access permissions they have, session data, etc. It has also enabled Microsoft Purview features to prevent attackers from extracting sensitive information such as passwords or tokens that can be reused in future attacks. Microsoft said it has further added proprietary data in security tokens to prevent attackers from forging such tokens. Instead of attacking their main target directly, Microsoft said it has learnt that threat actors gain initial access to the network and move within that network to achieve their objectives without being detected. To reduce the potential attack surface, Microsoft said it took down over 7,30,000 unused apps and eliminated 5.75 million inactive tenants. Tenants is a term used to describe the suite of services assigned to a Microsoft 365 customer. “We eliminated several classes of tools and business process blockers allowing stricter enforcement of device security compliance standards, affecting user access for over 75,000 users,” the report said. To enhance the protection of engineering systems against cyber attacks, Microsoft said that it has enabled “proof of presence checks for critical chokepoints in our software development code flow.” Earlier this year, Microsoft Windows systems around the world experienced a massive outage that brought critical infrastructure such as airports, banks, hospitals, etc, to a grinding halt. The root cause (for such a vast number of Windows PCs and servers showing the blue screen of death (BSOD) upon restarting) was a faulty software update issued by cybersecurity firm Crowdstrike. At its recently held security summit, Microsoft announced that it is looking to design a new platform to meet the needs of cybersecurity vendors like Crowdstrike as the company is reportedly planning to cut off their kernel-level Windows access.
