Today, we’re continuing that conversation. With the latest Microsoft benchmarking data, we’re sharing what real-world telemetry reveals about how effectively modern email threats are detected, mitigated, and stopped by Microsoft Defender, secure email gateway (SEG) providers, and integrated cloud email security (ICES) solutions.

This is part of our ongoing commitment to openness: regularly publishing performance data so customers can see how protections perform at scale.

What’s new in the latest benchmarking data

The newest benchmarking results reflect updated telemetry across recent months and reinforce several consistent trends:

• Microsoft Defender removes an average of 70.8% of malicious email post-delivery, helping reduce dwell time even when cyberthreats bypass initial filtering.
• Layered protection matters. When Defender operates alongside ICES partners, organizations benefit from incremental detection gains across promotional, spam, and malicious messages.
• Overlapping detections remain, meaning ICES solutions can flag the same messages and the incremental value-add can vary by scenario and email type.

This kind of data-driven visibility is critical for security teams who want to understand not just whether cyberthreats are blocked, but how and where defenses are adding value across the email attack lifecycle.

Benchmarking results for ICES vendors

Microsoft’s quarterly analysis shows that layering ICES solutions with Microsoft Defender continue to provide a benefit in reducing marketing and bulk email, improving their filtering by an average of 13.7%. This reduces inbox clutter and boosts user productivity in environments with high volumes of promotional email. For filtering of spam and malicious messages, the incremental gains remain modest, and the latest quarter shows a smaller uplift than the prior period—averaging 0.29% and 0.24% respectively, compared to 1.65% and 0.5% in the prior report.

Focusing only on malicious messages that reached the inbox, the latest quarter shows Microsoft Defender’s zero hour auto purge performing the majority of post‑delivery remediation—removing an average of 70.8% of these threats. ICES vendors provided additional post‑delivery filtering, contributing an average of 29.2%. Together, this highlights two points: post‑delivery remediation is a critical backstop when cyberthreats evade initial filtering, and in these results Microsoft Defender delivered most of the post‑delivery catch, while ICES vendors add incremental coverage in this scenario.

Benchmarking results for SEG vendors

For the SEG vendor benchmarking metrics, a cyberthreat was classified as “missed” if it was not detected prior to delivery. Using this definition, Microsoft Defender missed fewer high-severity cyberthreats than other solutions evaluated in the study, consistent with patterns observed in our prior benchmarking report.

Reinforcing our commitment to the ICES vendor ecosystem

Transparency doesn’t stop at Microsoft’s own detections. It also extends to how we work with partners.

When we introduced the Microsoft Defender for Office 365 ICES vendor ecosystem, our goal was clear: enable customers to integrate trusted, non-Microsoft email security solutions into a unified Defender experience, without fragmenting workflows or visibility.

That commitment continues today.

• The ICES vendor ecosystem now includes four partners—Darktrace, KnowBe4, Cisco, and VIPRE Security Group—all integrated directly into Microsoft Defender across experiences such as Quarantine, Explorer, email entity pages, advanced hunting, and reporting.
• Customers retain a single operational plane in the Defender portal, even when layering multiple email security technologies.
• Integrations are deliberate and additive, designed to enhance protection and clarity without increasing operational complexity.
• The ecosystem supports defense-in-depth strategies while preserving a single, coherent security experience.

The recent additions reinforce our belief that email security is strongest when it combines native platform intelligence with specialized partner capabilities, surfaced through a single pane of glass.

We continue to actively evaluate additional partnerships based on customer demand, detection quality, and the ability to deliver meaningful, differentiated signals.

Why this matters for security teams

Email remains one of the most targeted and exploited attack vectors, and modern campaigns rarely rely on a single technique or control gap.

By pairing transparent benchmarking with integrated, multi-vendor protection, security teams gain:

• Clear insight into detection coverage across native and partner solutions.
• Reduced investigation friction with unified views and workflows.
• Confidence in layered defenses, backed by regularly published data.

This isn’t about claiming perfection. It’s about showing the work, sharing the numbers, and giving customers the information they need to make informed security decisions.

Looking ahead

We’ll continue to publish updated benchmarking insights on a regular basis, alongside ongoing investments in Microsoft Defender and the ICES vendor ecosystem.

To explore the latest benchmarking data and learn more about how Defender and ICES partners work together, access the benchmarking site.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Clarity in complexity: New insights for transparent email security, Microsoft. December 10, 2025.

The post From transparency to action: What the latest Microsoft email security benchmark reveals appeared first on Microsoft Security Blog.

The Shai‑Hulud 2.0 campaign builds on earlier supply chain compromises but introduces more automation, faster propagation, and a broader target set:

• Malicious code executes during the preinstall phase of infected npm packages, allowing execution before tests or security checks.
• Attackers have compromised maintainer accounts from widely used projects (for example, Zapier, PostHog, Postman).
• Stolen credentials are exfiltrated to public attacker-controlled repositories, which could lead to further compromise.

This campaign illustrates the risks inherent to modern supply chains:

• Traditional network defenses are insufficient against attacks embedded in trusted package workflows.
• Compromised credentials enable attackers to escalate privileges and move laterally across cloud workloads.

In defending against threats like Shai-Hulud 2.0, organizations benefit significantly from the layered protection from Microsoft Defender, which provides security coverage from code, to posture management, to runtime. This defense-in-depth approach is especially valuable when facing supply chain-driven attacks that might introduce malicious dependencies that evade traditional vulnerability assessment tools. In these scenarios, the ability to correlate telemetry across data planes, such as endpoint or container behavior and runtime anomalies, becomes essential. Leveraging these insights enables security teams to rapidly identify compromised devices, flag suspicious packages, and contain the threat before it propagates further.

This blog provides a high-level overview of Shai‑Hulud 2.0, the attack mechanisms, potential attack propagation paths, customized hunting queries, and the actions Microsoft Defender is taking to enhance detection, attack-path analysis, credential scanning, and supply chain hardening.

Analyzing the Shai-Hulud 2.0 attack

Multiple npm packages were compromised when threat actors added a preinstall script named set_bun.js in the package.json of the affected packages. The setup_bun.js script scoped the environment for an existing Bun runtime binary; if not found, the script installed it. Bun can be used in the same way Node.js is used.

The Bun runtime executed the bundled malicious script bun_environment.js. This script downloaded and installed a GitHub Actions Runner archive. It then configured a new GitHub repository and a runner agent called SHA1Hulud. Additional files were extracted from the archive including, TruffleHog and Runner.Listener executables. TruffleHog was used to query the system for stored credentials and retrieve stored cloud credentials.

Microsoft Defender for Containers promptly notified our customers when the campaign began through the alert Suspicious usage of the shred command on hidden files detected. This alert identified the data destruction activity carried out as part of the campaign. Additionally, we introduced a dedicated alert to identify this campaign as Sha1-Hulud Campaign Detected – Possible command injection to exfiltrate credentials.

In some cases, commits to the newly created repositories were under the name “Linus Torvalds”, the creator of the Linux kernel and the original author of Git.  The use of fake personas highlights the importance of commit signature verification, which adds a simple and reliable check to confirm who actually created a commit and reduces the chance of impersonation.

Mitigation and protection guidance

Microsoft Defender recommends the following guidance for customers to improve their environments’ security posture against Shai-Hulud:

• Review the Key Vault assets on the critical asset management page and investigate any relevant logs for unauthorized access.
• Rapidly rotate and revoke exposed credentials.
• Isolate affected CI/CD agents or workspaces.
• Prioritize high-risk attack paths to reduce further exposure.
• Remove unnecessary roles and permissions granted to identities assigned to CI/CD pipelines; specifically review access to key vaults.
• For Defender for Cloud customers, read on the following recommendation:
  • As previously indicated, the attack was initiated during the preinstall phase of compromised npm packages. Consequently, cloud compute workloads that rely on these affected packages present a lower risk compared to those involved in the build phase. Nevertheless, it is advisable to refrain from using such packages within cloud workloads. Defender for Cloud conducts thorough scans of workloads and prompts users to upgrade or replace any compromised packages if vulnerable versions are detected. Additionally, it references the code repository from which the image was generated to facilitate effective investigation.
  • To receive code repository mapping, make sure to connect your DevOps environments to Defender for Cloud. Refer to the following documentation for guidance on:
    • Connecting Azure DevOps to Defender for Cloud
    • Connecting GitHub environment to Defender for Cloud
    • Connecting GitLab environment to Defender for Cloud
    • Deploying Defender CLI for container image scan

• For npm maintainers:
  • Use npm trusted publishing instead of tokens. Strengthen publishing settings on accounts, organizations, and packages to require two-factor authentication (2FA) for any writes and publishing actions.
  • When configuring two-factor authentication, use WebAuthn instead of a time-based, one-time password (TOTP).
• To combat this evolving threat, we are also introducing a new functionality in Microsoft Defender for Cloud that identifies Shai-Hulud 2.0 packages by leveraging agentless code scanning. This capability works by creating a Software Bill of Materials (SBOM) in the background and performing a lookup to identify if any package in the filesystem or source code repository is a malicious package that could be a component of the Shai-Hulud attack. By decoupling security analysis from runtime execution, this approach ensures that deep dependency threats are detected without impacting the performance of workloads or pipelines.
  • If malicious packages are found, recommendations in Microsoft Defender for Cloud provide immediate visibility into compromised assets as shown below. This ensures that security teams can act quickly to freeze dependencies and rotate credentials before further propagation occurs.
  • The next recommended step for customers is to start scanning repositories and protecting supply chains. Learn how to set up connectors.

• Turn on cloud-delivered protection and automatic sample submission on Microsoft Defender Antivirus. These capabilities use artificial intelligence and machine learning to quickly identify and stop new and unknown threats.
• Turn on attack surface reduction rules, particularly on blocking executable files from running unless they meet a prevalence, age or trusted list criterion and blocking execution of potentially obfuscated scripts.

For more information on GitHub’s plans on securing the npm supply chain and what npm maintainers can take today, Defender also recommends checking the Github plan for a more secure npm supply chain.

Microsoft Defender XDR detections 

Microsoft Defender XDR customers can refer to the list of applicable detections below. Microsoft Defender XDR coordinates detection, prevention, investigation, and response across endpoints, identities, email, and apps to provide integrated protection against attacks like the threat discussed in this blog.

Customers with provisioned access can also use Microsoft Security Copilot in Microsoft Defender to investigate and respond to incidents, hunt for threats, and protect their organization with relevant threat intelligence.

Microsoft Security Copilot

Security Copilot customers can use the standalone experience to create their own prompts or run the following prebuilt promptbooks to automate incident response or investigation tasks related to this threat:

• Incident investigation
• Microsoft User analysis
• Threat actor profile
• Threat Intelligence 360 report based on MDTI article
• Vulnerability impact assessment

Note that some promptbooks require access to plugins for Microsoft products such as Microsoft Defender XDR or Microsoft Sentinel.

Threat intelligence reports

Microsoft Defender XDR customers can use the following threat analytics reports in the Defender portal (requires license for at least one Defender XDR product) to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this blog. These reports provide the intelligence, protection information, and recommended actions to prevent, mitigate, or respond to associated threats found in customer environments.

Microsoft Defender XDR threat analytics:

• Activity Profile: From vulnerable workflows to self-replicating malware: Technical analysis of npm supply chain security incidents

Microsoft Security Copilot customers can also use the Microsoft Security Copilot integration in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the embedded experience in the Microsoft Defender portal to get more information about this threat actor.

Attack path analysis

Attack path analysis shows paths from exposed entry points to targets. Security teams can use attack path analysis to surface cross-domain exposure risks, for example how an attacker could move from externally reachable resources to sensitive systems to escalate privileges and maintain persistence. While supply chain attacks like those used by Shai-Hulud 2.0 can originate without direct exposure, customers can leverage advanced hunting to query the Exposure Graph for these broader relationships.

For example, once a virtual or physical machine is determined to be compromised, key vaults that are directly accessible using credentials obtained from the compromised system can also be identified. The relevant access paths can be extracted using queries, as detailed in the hunting section below. Any key vault found along these paths should be investigated according to the mitigation guide.

Hunting queries 

Microsoft Defender XDR

Microsoft Defender XDR customers can run the following queries to find related activity in their networks:

Attempts of malicious JS execution through node

DeviceProcessEvents 
| where FileName has "node" and ProcessCommandLine has_any ("setup_bun.js", "bun_environment.js")

Suspicious process launched by malicious JavaScript

DeviceProcessEvents | where InitiatingProcessFileName in~ ("node", "node.exe") and InitiatingProcessCommandLine endswith ".js"
| where (FileName in~ ("bun", "bun.exe") and ProcessCommandLine has ".js")
    or (FileName  in~ ("cmd.exe") and ProcessCommandLine has_any ("where bun", "irm ", "[Environment]::GetEnvironmentVariable('PATH'", "|iex"))
    or (ProcessCommandLine in~ ("sh", "dash", "bash") and ProcessCommandLine has_any ("which bun", ".bashrc && echo $PATH", "https://bun.sh/install"))
| where ProcessCommandLine !contains "bun" and ProcessCommandLine !contains "\\" and ProcessCommandLine !contains "--"

GitHub exfiltration

DeviceProcessEvents | where FileName has_any ("bash","Runner.Listener","cmd.exe") | where ProcessCommandLine has 'SHA1HULUD' and not (ProcessCommandLine has_any('malicious','grep','egrep',"checknpm","sha1hulud-checker-ado","sha1hulud-checker-ado"," sha1hulud-checker-github","sha1hulud-checker","sha1hulud-scanner","go-detector","SHA1HULUD_IMMEDIATE_ACTIONS.md","SHA1HULUD_COMPREHENSIVE_REPORT.md","reddit.com","sha1hulud-scan.sh"))

Paths from compromised machines and repositories to cloud key management services

let T_src2Key = ExposureGraphEdges
| where EdgeLabel == 'contains'
| where SourceNodeCategories has_any ('code_repository', 'virtual_machine' , 'physical_device')
| where TargetNodeCategories has 'secret'
| project SourceNodeId, SourceNodeLabel, SourceNodeName, keyNodeId=TargetNodeId, keyNodeLabel=TargetNodeLabel;
let T_key2identity = ExposureGraphEdges
| where EdgeLabel == 'can authenticate as'
| where SourceNodeCategories has 'key'
| where TargetNodeCategories has 'identity'
| project keyNodeId=SourceNodeId, identityNodeId=TargetNodeId;
ExposureGraphEdges
| where EdgeLabel == 'has permissions to'
| where SourceNodeCategories has 'identity'
| where TargetNodeCategories has "keys_management_service"
| join hint.strategy=shuffle kind=inner (T_key2identity) on $left.SourceNodeId==$right.identityNodeId
| join hint.strategy=shuffle kind=inner (T_src2Key) on keyNodeId
| join hint.strategy=shuffle kind=inner (ExposureGraphNodes | project NodeId, srcEntityId=EntityIds) on $left.SourceNodeId1==$right.NodeId
| join hint.strategy=shuffle kind=inner (ExposureGraphNodes | project NodeId, identityEntityId=EntityIds) on $left.identityNodeId==$right.NodeId
| join hint.strategy=shuffle kind=inner (ExposureGraphNodes | project NodeId, kmsEntityId=EntityIds) on $left.TargetNodeId==$right.NodeId
| project srcLabel=SourceNodeLabel1, srcName=SourceNodeName1, srcEntityId, keyNodeLabel, identityLabel=SourceNodeLabel,
    identityName=SourceNodeName, identityEntityId, kmsLabel=TargetNodeLabel, kmsName=TargetNodeName, kmsEntityId
| extend Path = strcat('srcLabel',' contains','keyNodeLabel',' can authenticate as', ' identityLabel', ' has permissions to', ' kmsLabel')

Setup of the GitHub runner with the malicious repository and downloads of the malicious bun.sh script that facilitates this

CloudProcessEvents
| where  (ProcessCommandLine has "--name SHA1HULUD" ) or (ParentProcessName == "node" and (ProcessName == "bash" or ProcessName == "dash" or ProcessName == "sh") and ProcessCommandLine has "curl -fsSL https://bun.sh/install | bash")
| project Timestamp, AzureResourceId, KubernetesPodName, KubernetesNamespace, ContainerName, ContainerId, ContainerImageName, ProcessName, ProcessCommandLine, ProcessCurrentWorkingDirectory, ParentProcessName, ProcessId, ParentProcessId, AccountName

Credential collection using TruffleHog and Azure CLI

CloudProcessEvents
| where (ParentProcessName == "bun" and ProcessName in ("bash","dash","sh") and ProcessCommandLine has_any("az account get-access-token","azd auth token")) or
        (ParentProcessName == "bun" and ProcessName == "tar" and ProcessCommandLine has_any ("trufflehog","truffler-cache"))
| project Timestamp, AzureResourceId, KubernetesPodName, KubernetesNamespace, ContainerName, ContainerId, ContainerImageName, ProcessName, ProcessCommandLine, ProcessCurrentWorkingDirectory, ParentProcessName, ProcessId, ParentProcessId, AccountName

Cloud security explorer

Microsoft Defender for Cloud customers can also use cloud security explorer to surface possibly compromised software packages. The following screenshot represents a query that searches for a virtual machine or repository allowing lateral movement to a key vault. View the query builder.

The security explorer templates library has been expanded with two additional queries that retrieve all container images with compromised software packages and all the running containers with these images.

Another means for security teams to proactively identify the scope of this threat is by leveraging the Cloud Security Explorer to query the granular Software Bill of Materials (SBOM) generated by agentless scanners. This capability allows you to execute dynamic, graph-based queries across your entire multi-cloud estate—including virtual machines, containers, and code repositories—to pinpoint specific software components and their versions without the need for agent deployment.

For the Shai-Hulud 2.0 campaign, you can use the Cloud Security Explorer to map your software inventory directly to the list of known malicious packages. By running targeted queries that search for the specific compromised package names identified in our threat intelligence, you can instantly visualize the blast radius of the attack within your environment. This enables you to locate every asset containing a malicious dependency and prioritize remediation efforts effectively.

Microsoft Sentinel

Microsoft Sentinel customers can use the TI Mapping analytics (a series of analytics all prefixed with ‘TI map’) to automatically match the malicious domain indicators mentioned in this blog post with data in their workspace. If the TI Map analytics are not currently deployed, customers can install the Threat Intelligence solution from the Microsoft Sentinel Content Hub to have the analytics rule deployed in their Sentinel workspace. 

Indicators of compromise   

References

• https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains

Learn more  

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog.

To get notified about new publications and to join discussions on social media, follow us on LinkedIn, X (formerly Twitter), and Bluesky.

To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat Intelligence podcast.

The post Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack appeared first on Microsoft Security Blog.

But what actually needs to change? And what should you be doing about it? Read IDC’s latest research, The Next Era of Cloud Security: Cloud-Native Application Protection Platform and Beyond, to dive deep into the future of cloud security—and what it means for chief information security officers (CISOs), security architects, and product leaders.

Five IDC insights into the evolving cloud security landscape

1. One platform is quietly becoming a top investment

IDC research found that cloud-native application protection platforms (CNAPPs) are now one of the top three security investments for 2025. Why? Because they’re solving problems that legacy tools can’t, protecting cloud-native applications throughout their lifecycle—further reinforcing the importance of ecosystems, consolidation, and more.

2. The role of the CISO is evolving to align security with business priorities

In 37% of organizations, CISOs now have ownership over cloud security management. IDC calls them “3D CISOs.” They don’t just manage risk—they drive business outcomes and digital innovation. These leaders are reshaping how security is embedded across the organization, from DevOps pipelines to boardroom conversations. IDC’s whitepaper details the expanded and evolving role of CISOs and their impact on improving the overall security posture of organizations.   

3. Tool sprawl increases costs and introduces vulnerabilities

Organizations are grappling with tool sprawl, using an average of 10 cloud security tools and often adding more each year. This complexity—driven by fragmented platforms, regulatory requirements, and integration challenges—creates blind spots and slows response times. But stopping the sprawl isn’t easy. It requires a deliberate approach, anchored in a unified security platform that simplifies operations and strengthens protection. IDC research underscores this, highlighting how greater visibility and tool consolidation drive measurable gains in efficiency and cost management.

4. Generative AI is already changing the game

Forget the hype. Generative AI is delivering real value for cloud security—from automated threat detection to faster incident response, and more. IDC’s data shows how security teams are using generative AI, including how it can enhance the capabilities of security analysts and allow them to focus on more complex tasks.

5. The future is integrated and autonomous

Security leaders are moving toward unified security operations (SecOps) platforms that combine cloud-native protection, threat intelligence, and AI-powered automation. Some are exploring the new frontier of agentic AI—autonomous systems that can detect, isolate, and remediate known cyberthreats without human intervention. The IDC whitepaper explores what this future looks like—and how close we really are.

Why mitigating security risk matters now more than ever

Cloud security is a critical business imperative. As IDC puts it, “Security risk is business risk.” The decisions you make today will shape your organization’s resilience, agility, and ability to innovate tomorrow. Whether you’re a CISO or a cloud architect, this research offers a roadmap for navigating what’s next. It’s not just about buying new tools. It’s about building a smarter, more unified approach to cloud security.

Ready to see what’s inside?

71% of organizations surveyed believe that over the next two years, it would be beneficial for their organization to invest in a unified SecOps platform that includes technologies such as extended detection and response (XDR), endpoint detection and response (EDR), security information and event management (SIEM), CNAPP and cloud security, generative AI, and threat intelligence. But that’s easier said than done. And in this post, we’ve only scratched the surface. The full IDC study covers:

• The evolving role of CNAPP in cloud security.
• How CISOs are aligning security with business goals.
• The impact of generative AI and agentic AI on security operations center (SOC) operations.
• Strategies for reducing tool sprawl and improving visibility.
• Guidance for integrating CNAPP with XDR, SIEM, and managed services.

Innovate faster with Microsoft

Microsoft’s integrated CNAPP, powered by industry-leading generative AI and threat intelligence, unifies security across the entire application lifecycle. With comprehensive visibility, real-time cloud detection and response, and proactive risk prioritization, it protects your modern cloud and AI applications from code to runtime.

Microsoft empowers your security teams to identify, prioritize, and mitigate risks early, adhere to compliance and regulatory requirements, prevent cloud breaches, and stay ahead of emerging cloud and AI cyberthreats. Innovate securely, quickly, and confidently, across hybrid and multicloud environments.

Learn more

Read IDC’s full whitepaper, The Next Era of Cloud Security: Cloud-Native Application Protection Platform and Beyond.

Learn about our new e-book: The 5 generative AI security threats you need to know.

Sign up to read the quick-start e-book to Executing cloud-native application protection platform (CNAPP) strategy.

Learn more about Microsoft Defender for Cloud.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Microsoft Ignite

Join us at Microsoft Ignite to explore the latest solutions for securing AI. Connect with industry leaders, innovators, and peers shaping what’s next.

San Francisco on November 17-21
Online (free) on November 18-20

Register now

The post New IDC research highlights a major cloud security shift appeared first on Microsoft Security Blog.

The shift is already underway:

• 66% of organizations are developing or planning to develop custom generative AI applications.²

• 88% of organizations are somewhat or extremely concerned about indirect prompt injection attacks.³

• 80% of business leaders cite sensitive data leakage via AI as a top concern.⁴

To help organizations navigate this new landscape, Microsoft has published a new guide, titled 5 Generative AI Security Threats You Must Know About. In this blog post, we’ll highlight the key themes covered in the e-book, including the challenges organizations face, the top generative AI threats to organizations, and how companies can enhance their security posture to meet the dangers of today’s unpredictable AI environments.

5 Generative AI Security Threats You Must Know About 

A definitive guide to unifying security across cloud and AI applications.

Read the guide

Security leaders face urgent challenges

As generative AI becomes embedded in enterprise workflows, security leaders face a new set of challenges that demand a shift in strategy. These aren’t just technical hurdles, they’re architectural, behavioral, and operational risks that require a broader, unified approach to security.

• Cloud vulnerabilities
  Most generative AI applications are cloud-based, which means cyberattackers can exploit weaknesses in the model, app, or infrastructure to move laterally and compromise sensitive data or model integrity.

• Data exposure risks
  GenAI thrives on large datasets—but that scale also makes it a prime target. Security teams must contend with the risk of data leakage and the complexity of enforcing governance across sprawling environments.

• Unpredictable model behavior
  Generative AI models don’t always behave predictably. The same input can yield different outputs, making it difficult to anticipate how models will respond to malicious prompts or manipulation. This opens the door to prompt injection attacks and AI agent abuse.

These foundational risks set the stage for an even more pressing reality: as generative AI scales, cyberattackers are exploiting its unique weaknesses in ways that demand security leaders’ immediate attention—starting with the top cyberthreats you need to watch.

Critical generative AI threats to watch

Generative AI introduces a new class of cyberthreats that go beyond traditional cloud vulnerabilities, targeting the very architecture and behavior of AI systems. These risks aren’t simply technical—they challenge the trust, integrity, and resilience of models that organizations increasingly rely on. Cyberattackers are finding creative ways to exploit the data-driven nature of AI, turning its strengths into weaknesses that demand fresh strategies and defenses.

Among the most critical cyberthreats are poisoning attacks, where cyberattackers manipulate training data to skew outputs and erode accuracy. Evasion attacks take a different route, using obfuscation or jailbreak prompts to slip harmful content past AI filters. And perhaps most insidious are prompt injection attacks—carefully crafted inputs that override original instructions, steering models toward unintended or malicious actions. These cyberthreats and more underscore why security leaders must rethink traditional approaches and build AI-specific safeguards. For a deeper dive into critical threats and practical guidance on mitigation, read the full Microsoft guide: 5 Generative AI Security Threats You Must Know About.

Building a proactive defense for AI and multicloud environments

Modern cybersecurity requires a holistic approach that correlates signals across applications, infrastructure, and user behavior. In the e-book, we explore how cloud-native application protection platforms (CNAPP) simplify this complexity by unifying tools like cloud security posture management (CSPM), cloud infrastructure entitlement management (CIEM), and cloud workload protection platform (CWPP) into a single platform. By stitching together identity data, storage logs, code vulnerabilities, and internet exposure, CNAPP provides security teams with full context to detect and remediate cyberthreats faster. This integrated view is critical as generative AI introduces unpredictable behaviors, making traditional siloed defenses insufficient.

Microsoft Defender for Cloud exemplifies this proactive model by delivering end-to-end AI security across development and runtime. It scans code repositories for misconfigurations, monitors container images for vulnerabilities, and continuously maps attack paths to sensitive assets. In runtime, Defender for Cloud detects AI-specific threats such as jailbreak attacks, credential theft, and data leakage—leveraging more than 100 trillion daily signals from Microsoft Threat Intelligence.² By combining posture management with real-time threat protection, organizations can secure generative AI workloads and maintain trust in an evolving cyberthreat landscape. 

Redefining security for the generative AI era

As generative AI becomes foundational, security leaders must evolve their strategies. Microsoft helps organizations unify security and governance across the full cloud and AI app lifecycle. With comprehensive visibility, proactive risk prioritization, and real-time detection and response, Microsoft protects your modern cloud and AI assets from code to runtime—while helping you comply with evolving regulations and standards. 

Organizations like Icertis are already taking action.

Microsoft Defender for Cloud emerged as our natural choice for the first line of defense against AI-related threats. It meticulously evaluates the security of our Azure OpenAI deployments, monitors usage patterns, and promptly alerts us to potential threats. These capabilities empower our Security Operations Center (SOC) teams to make more informed decisions based on AI detections, ensuring that our AI-[powered] contract management remains secure, reliable, and ahead of emerging threats.

—Subodh Patil, Principal Cyber Security Architect, Icertis

Generative AI is transforming cybersecurity—empowering defenders while giving cyberattackers new tools to scale phishing, deepfakes, and adaptive malware. To understand the top AI-powered cyberthreats and how to mitigate them, get the e-book: 5 Generative AI Security Threats You Must Know About.

Explore more resources:

• Learn more about Microsoft Cloud Security Solutions.

• Learn about Security for AI.

Learn more with Microsoft Security

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Microsoft Ignite

Join us at Microsoft Ignite to explore the latest solutions for securing AI. Connect with industry leaders, innovators, and peers shaping what’s next.

San Francisco on November 17-21
Online (free) on November 18-20

Register now

¹ Microsoft Digital Defense Report 2025

²Accelerate AI transformation with strong security: The path to securely embracing AI adoption in your organization, Microsoft Security.

³ If your org’s using any virtual assistants with AI capabilities, are you concerned about indirect prompt injection attacks?

⁴ THE NEXT ERA OF CLOUD SECURITY: Cloud-Native Application Protection Platform and Beyond“, Doc. #US53297125, April 2025

The post The 5 generative AI security threats you need to know about detailed in new e-book appeared first on Microsoft Security Blog.

Recognizing these risks, Microsoft’s Secure Future Initiative (SFI) has strengthened default security by design, but defenders must continue to follow security baseline recommendations and leverage customer-facing security capabilities to stay ahead of evolving threats. In alignment with the MITRE ATT&CK framework, Microsoft Threat Intelligence continually updates threat matrices to map the evolving tactics and techniques targeting cloud environments. While some of our previous work has focused on Kubernetes and containerized workloads at the compute layer of the cloud stack, this blog shifts the lens to the data storage layer—specifically, Azure Blob Storage.

Therefore, in this blog, we outline some of the unique threats associated with the data storage layer, including relevant stages of the attack chain for Blob Storage to connect these risks to actionable Azure Security controls and applicable security recommendations. We also provide threat detections to help contain and prevent Blob Storage threat activity with Microsoft Defender for Cloud’s Defender for Storage plan. By understanding the unique threats facing Azure Blob Storage and implementing targeted security controls, organizations can better safeguard their most critical workloads and data repositories against evolving attacker tactics.

How Azure Blob Storage works

Azure Storage supports a wide range of options for handling exabytes of blob data from many sources at scale. Blobs store everything from checkpoint and model files for AI to parquet datasets for analytics. These blobs are organized into containers, which function like folders grouping sets of blobs. A single storage account can contain an unlimited number of containers, and each container can store an unlimited number of blobs.

Blob Storage also supports HPC, backup, and disaster recovery scenarios for more resiliency and business continuity, like backing up on-premises resources or Infrastructure as a Service (IaaS) virtual machine-hosted SQL Server data. Azure Data Lake Storage offers specific optimizations well suited for file system and analytics workloads such as hierarchical namespace and fast atomic operations. Blob storage also supports public access scenarios such as download for static files—not all files are accessible for download over internet.

Azure Storage fulfils the cloud shared responsibility model through best practices across identity and access management, secure networking, data protection, and continuous monitoring. It supports best practices that help defend across the attack chain when implemented as part of both a cloud-native identity and access management solution such as Microsoft Entra ID, and a cloud-native application protection platform such as Defender for Cloud. Azure Storage integrates with both, allowing least-privilege access through Entra role-based access control (RBAC) and fine-grained Entra Azure attribute-based access control (ABAC).

Azure Storage safeguards data in transit with network protections such as network security perimeter, private endpoint/Private Link and virtual networks, and encryption for data in transit via TLS. It uses service-side encryption (SSE) to automatically encrypt all Azure Storage resources persisted to the cloud, including blobs and object metadata, and cannot be disabled. While Storage automatically encrypts all data in a storage account at the service level using 256-bit AES encryption (one of the strongest block ciphers available), it is also possible to enable 256-bit AES encryption at the infrastructure level for double encryption to protect against a scenario where one of the encryption algorithms or keys might be compromised.

Azure Storage integrates with Azure Backup and Microsoft Defender for ransomware and malware protection. Azure Storage also supports a wide range of data protection scenarios, such as preventing deletion or modification of accounts and blobs through immutability settings and enabling recovery from data deletion or overwrites through soft delete and versioning.  

A look at the attack chain

To help defenders apply appropriate controls and our recommendations against various threat scenarios across the attack chain, we take a closer look at the progression.

Reconnaissance

Threat actors enumerate Blob Storage to identify publicly exposed data and credentials that they can leverage later in the attack chain. Common tactics include DNS and HTTP header probing to scan for valid *.blob.core.windows.net subdomains. Threat actors can now also use language models to generate plausible storage account or container names to make brute-forcing more effective.

Enumeration tools like Goblob have long been made available on GitHub, and threat actors can extend this type of capability misusing other tools on GitHub like QuickAZ, which combines storage enumeration with other Azure reconnaissance capabilities. Threat actors may also try to leverage PowerShell-based scanners easily accessible to brute-force prefix and suffix combinations for hours using permutation dictionary scripts. They can also turn to dedicated indexers cataloging tens of thousands of publicly exposed containers.  

When sensitive credentials, such as storage account keys, shared access signatures (SAS), or Microsoft Entra ID principal credentials are discovered in source code repositories or configuration files (including version histories), threat actors can more easily gain an initial foothold. Storage account keys are particularly high risk if they grant full read, write, and delete access to storage resources. With these credentials, threat actors can escalate privileges, move laterally, or proceed directly to exfiltrate data.

Resource development

Threat actors try to exploit misconfigured or missing identity controls to create malicious resources in Blob Storage in furtherance of their operations and targeting. They may attempt to leverage Azure Blob Storage to host spoofed versions of legitimate Microsoft sign-in pages to make it more challenging for potential victims to discern based on an inspection of the SSL certificates alone.

Threat actors may attempt to place malicious executables or macro-enabled documents in containers left open to anonymous access or secured by weak or compromised SAS. This could lead to victims downloading harmful content directly from those blob URLs.

Since Blob Storage often stores machine learning training datasets, threat actors may exploit it for data poisoning by injecting mislabeled or malicious samples to skew model behavior and produce incorrect predictions.

Initial access

A single misconfigured endpoint could expose sensitive information. Theoretically, a threat actor could attempt to exploit blob-triggered Azure Functions using Event Grid that process files in storage containers, or Azure Logic Apps that automate file transfers from external sources like FTP servers, to gain entry to downstream workflows linked to Azure Storage—if those workflows rely on misconfigured or insufficiently secured authentication mechanisms. This could allow an attacker to maliciously trigger trusted automation or hijack event routing to escalate privileges or move laterally within the environment.

Persistence

If a threat actor gains access to an environment through Blob Storage, they may attempt to establish a long-term foothold by manipulating identity and access configurations that are resilient to standard remediation efforts such as key rotations or password resets. These techniques may include assigning built-in roles or custom roles with elevated privileges to identities under their control, generating SAS with broad permissions and extended expiration periods, modifying container-level access policies to permit anonymous read access, enabling Secure File Transfer Protocol (SFTP) on storage accounts, or leveraging soft-delete capabilities to conceal malicious payloads by uploading, deleting, and later restoring blobs.

Threat actors frequently abuse legitimate tools such as AADInternals to establish backdoors and persist, enabling access to both cloud and hybrid resources. Additionally, frameworks like AzureHound are extensively leveraged to identify privileged escalation paths from enumerated Azure resources.

Defense evasion

Threat actors may attempt to evade detection by tampering with Blob Storage networking and logging configurations—loosening or deleting firewall rules, adding overly permissive IP address ranges or virtual network (VNet) rules, creating unauthorized private endpoints, distributing requests across regions, or disabling diagnostic logging.

Credential access

Threat actors may attempt to obtain Blob Storage credentials through several vectors, including token and key extraction, cloud shell persistence abuse, and exposure through misconfigurations. For token and key extraction, threat actors with access to Entra ID tokens may reuse refresh tokens to obtain new access tokens, or invoke privileged management APIs (for example, listKeys) to extract primary and secondary storage account keys. These keys may grant full data-plane access and bypass identity-based controls. For cloud shell persistence abuse, because Azure Cloud Shell stores session data within a hidden blob container within the user’s storage account, threat actors with access may retrieve cached credentials, command history, or configuration files containing sensitive information. Finally, for exposure through misconfiguration, if secure transfer is not enforced or network access controls are overly permissive, shared keys or SAS tokens may be exposed in transit or through public endpoints. This includes keys and tokens found in exposed or compromised endpoints or code-repositories. These credentials can then possibly be reused by threat actors to access or exfiltrate data.

Discovery

After gaining a foothold in Azure, threat actors might map Blob Storage to locate valuable data and understand defensive settings. To uncover blob containers unintentionally exposed publicly, they could enumerate the broader cloud estate—querying subscriptions, resource groups, and storage account inventories. After identifying accounts, threat actors could probe deeper: listing containers and blobs, inspecting metadata, and retrieving configuration details such as firewall rules, logging targets, immutability policies, and backup schedules. This would enable them to identify where sensitive data resides and assess which controls can be bypassed or disabled to facilitate collection, exfiltration, or destruction.

Lateral movement

When a new blob is added to a container, Azure can trigger Azure Functions, Logic Apps, or other workflows. If a threat actor controls the source container and an Event Grid subscription is configured, they may upload specially crafted files that trigger downstream compute resources running under managed identities, which may have elevated permissions to move laterally into other services.

If Azure Functions store their code in Azure Storage and threat actors gain write access, they may attempt to replace the code with malicious files. When the function is triggered by a blob event, HTTP request or timer, it could run malicious code under the function’s identity, potentially granting access to other resources.

Threat actors may also target automated data pipelines or third-party integrations that trust blob-based inputs. Enterprises often use Azure Data Factory and Azure Synapse Analytics to copy and transform data from Azure Blob Storage. These pipelines typically authenticate to Blob using managed identities, service principals, SAS tokens, or account keys, and may connect over managed private endpoints. If an attacker can modify data in a source container, they may influence downstream processing or gain access to services that trust the pipeline’s identity, enabling further lateral movement.

Collection

If blob containers are misconfigured, threat actors may be able to list and download large volumes of data directly from storage. If access is obtained, they may copy or export sensitive files into a staging container they control, using Storage operations like StartCopy, SyncCopy, or CopyBlob through AzCopy or the Azure Storage REST API to stay within Azure and evade detection. They may compress or encrypt the data cache internally as well before attempting to exfiltrate it.

Command and control

Blob Storage can be abused to distribute malware if the account or credentials are compromised. Threat actors may try to use Blob Storage as a covert beacon channel, where malware running on compromised hosts periodically polls for new blobs or metadata updates containing command payloads. After infecting a target, malware might send HEAD or GET requests to the Azure blob’s REST API, retrieving metadata without downloading the file content. If malware parses these headers as communication channels, it may send exfiltrated data back by writing separate metadata updates. Threat actors could embed new commands within metadata fields, meaning the blob’s content remains unchanged while the metadata plane acts as a persistent, stealthy command-and-control (C2) server. 

Additionally, threat actors may attempt to exploit object replication to propagate payloads across environments. If a replication policy is successfully configured, any new blobs added to a compromised source container are automatically copied to a trusted destination container—turning it into a distribution hub and enabling supply chain–style attacks.

Exfiltration

If threat actors gain access to the environment, they might leverage Azure-native tools like Azure Storage Explorer or AzCopy to exfiltrate data at scale—exploiting Azure’s high bandwidth and trusted domains to evade detection. 

For instance, they could enable static website hosting and copy sensitive blobs into the publicly accessible $web container. Disabling anonymous access on the storage account-level offers no protection here, because the $web container always remains publicly accessible. In another scenario, threat actors could exfiltrate data into a separate Azure subscription they control, using Microsoft’s internal network as a covert transport layer to bypass controls. 

Threat actors could also embed exfiltration logic within Azure Functions, Logic Apps, or Automation runbooks, disguising them as legitimate maintenance tasks and throttling transfers to stay below volume or rate thresholds.

Third-party integrations can also lead to indirect exposure if the integrated products are compromised. For example, in 2023, defenders whose environments had MOVEit Transfer application connected to Blob Storage for file transfers or archiving partially contained a zero-day vulnerability, which was later attributed in a tweet by Microsoft to Lace Tempest (known for ransomware operations and running the Clop extortion site).

Impact

If threat actors obtain high privilege roles, storage account keys, or broadly scoped SAS tokens, they can cause extensive damage—for example, issuing mass DeleteBlob or DeleteContainer operations, overwriting objects including with empty content, or re-encrypting data by reuploading modified content or writing new content to blobs. With the necessary privileges, threat actors can also modify file contents or metadata, change access tiers, and remove legal holds. In many scenarios, simply reading or exfiltrating data can result in long-term impact, even without immediate disruption—such as in cases of espionage.

Recommendations

Microsoft recommends the following mitigations to reduce the impact of this threat. 

Apply zero trust principles to Azure Storage.

Business asset security depends on the integrity of the privileged accounts that administer your IT systems. Refer to our FAQ for answers on securing privileged access. Learn to enable the Azure identity management and access control security best practices, such as ensuring separate user accounts and mail forwarding for Global Administrator accounts. Follow best practices for using Microsoft Entra role-based access control.

Implement our security recommendations for Blob Storage.

• Data protection
• Identity and access management
• Networking
• Logging and monitoring

Monitor the Azure security baseline for Storage and its recommendations using Defender for Cloud.

Microsoft Defender for Cloud periodically analyzes the security state of your Azure resources to identify potential security vulnerabilities and then provides security recommendations on how to address them. For more information, see Review your security recommendations.

Enable Microsoft Defender for Storage.

Defender for Storage provides an additional layer of security intelligence that detects unusual and potentially harmful attempts to access or exploit storage accounts. Its alerts detect and prevent top cloud storage threats, including sensitive data exfiltration, data corruption, and malicious file uploads. For more information, see Understand security threats and alerts in Microsoft Defender for Storage.

You don’t need to enable diagnostic logs for analysis. Defender for Storage also detects suspicious activities from entities without identities that access your data using misconfigured and overly permissive SAS. These SAS might be leaked or compromised.

Sensitive data threat detection considers the sensitivity of the data at risk, quickly identifying and addressing the most significant risks. It also detects exposure events and suspicious activities on resources containing sensitive data. Learn more about sensitive data threat detection.

Enable Defender for Storage via built-in policy. Monitor compliance states to detect if an attacker attempts to tamper with Defender for Storage to evade defenses, and automatically respond with alerts and recovery tasks.

• Enable malware scanning.

Malware scanning in Defender for Storage detects in near real-time and mitigates a wide variety of malware threats either by scanning blobs automatically when blobs are being frequently uploaded or modified, or on-demand for proactive security, incident response, integrating partner data, and securing data pipelines and machine learning datasets.

You can store scan results using index tags, which can be used by applications to automate workflows. Microsoft Defender for Cloud also generates relevant security alerts in the portal, so you can configure automations or export them to Microsoft Sentinel or another SIEM. You can also send results to an Event Grid for automating response and create an audit trail with Log Analytics.

Scanning supports automated remediation through built-in soft deletion of malicious blobs discovered during scanning, blocking access, quarantining and forwarding clean files.

Enable Defender Cloud Security Posture Management (CSPM).

Enabling the CSPM plan extends CSPM capabilities that are automatically enabled as part of Defender for Cloud to offer extra protections for your environment such as cloud security explorer, attack path analysis, and agentless scanning for machines.  

• Use sensitive data discovery.

The Sensitive data discovery component of CSPM identifies sensitive resources and their related risks, then helps prioritize and remediate those risks using the Microsoft Purview classification engine.

Use the cloud security checklist as a structured approach for securing your Azure cloud estate.

This checklist provides security guidance for those managing the technology infrastructure that supports all the workload development and operations hosted on Azure. To help ensure your workloads are secure and aligned with the Zero Trust model, use the design review checklist for security. We also provide complementary guidance on applying security practices and DevSecOps controls in a security development lifecycle.

Enable threat protection for AI services.

Blob Storage is often used to store training datasets for Azure Machine Learning. Because data poisoning is among the most severe machine learning threats, it is critical to scan uploads before they ever enter your pipeline to prevent targeted poisoning attacks.

Microsoft Defender XDR detections

Microsoft Defender for Cloud

When Defender for Storage is enabled, the following alerts in Defender for Cloud may indicate Azure Blob Storage threat activity. Note that other alerts apply to Azure Files.

Some of these alerts will not work if sensitive data threat detection is disabled. Some alerts may be relevant to secondary stages of the attack chain or only be an indication of a penetration test in your organization.

Reconnaissance

• Publicly accessible storage containers successfully discovered
• Publicly accessible storage containers unsuccessfully scanned
• Access from a known suspicious IP address to a sensitive blob container
• Access from a Tor exit node to a sensitive blob container
• Access from a suspicious IP address
• Unusual data exploration in a storage account

Resource Development

• Phishing content hosted on a storage account
• Suspicious external access to an Azure storage account with overly permissive SAS token 
• Suspicious external operation to an Azure storage account with overly permissive SAS token 
• Unusual SAS token was used to access an Azure storage account from a public IP address

Initial Access

• Access from a known suspicious application to a sensitive blob container
• Access from a suspicious application
• Access from an unusual location to a sensitive blob container
• Access from an unusual location to a storage account
• Authenticated access from a Tor exit node
• Unusual unauthenticated access to a storage container
• Unusual unauthenticated public access to a sensitive blob container 

Discovery

• Unusual access inspection in a storage account 

Lateral Movement

• Unusual application accessed a storage account 
• Malicious blob was downloaded from a storage account (with malware scanning add-on enabled)

Collection

• The access level of a potentially sensitive storage blob container was changed to allow unauthenticated public access
• The access level of a sensitive storage blob container was changed to allow unauthenticated public access 

Command and control

• Potential malware uploaded to a storage account
• Malicious file uploaded to storage account (with malware scanning add-on enabled; this alert may be an indication that a threat actor intentionally uploaded malware or that a legitimate user unintentionally uploaded a malicious file)

Exfiltration

• Unusual amount of data extracted from a sensitive blob container
• Unusual amount of data extracted from a storage account 
• Unusual number of blobs extracted from a sensitive blob container 

Impact

• Unusual deletion in a storage account 

Threat intelligence reports

Microsoft customers can use the following reports in Microsoft products to get the most up-to-date information about the threat actor, malicious activity, and techniques discussed in this blog. These reports provide the intelligence, protection information, and recommended actions to prevent, mitigate, or respond to associated threats found in customer environments.

Microsoft Defender Threat Intelligence

• Threats targeting or leveraging Azure Blob Storage

Microsoft Security Copilot

Security Copilot customers can use the standalone experience to create their own prompts or run the following pre-built promptbooks to automate incident response or investigation tasks related to this threat:

• Incident investigation
• Microsoft User analysis
• Threat actor profile
• Threat Intelligence 360 report based on MDTI article
• Vulnerability impact assessment

Note that some promptbooks require access to Microsoft plugins such as for either Microsoft Defender XDR or Microsoft Sentinel.

MITRE ATT&CK Techniques observed

This threat exhibits the use of the following attack techniques. For standard industry documentation about these techniques, refer to the MITRE ATT&CK framework.

Reconnaissance

T1593.002 Search Open Websites/Domains: Search Engines | Threat actors may use search engines and advanced querying (for example, site:*.blob.core.windows.net) to discover exposed Blob Storage accounts.

T1594 Search Victim-Owned Websites | Threat actors might look for storage accounts of a victim enterprise by searching its websites. Victim-owned website pages might be stored on a storage account or contain links to retrieve data stored in a storage account. The links contain the URL of the storage and provide an entry point into the account.

T1595.003 Active Scanning: Wordlist Scanning | Threat actors might attempt to locate publicly accessible cloud storage accounts or containers by iteratively trying different permutations or using target-specific wordlists to discover storage endpoints that can be probed for vulnerabilities or misconfigurations.

T1596 Search Open Technical Databases | Threat actors might search public databases for publicly available storage accounts that can be used during targeting.

T1596.001 Search Open Technical Databases: DNS/Passive DNS | Threat actors might search for DNS data for valid storage account names that could become potential targets by querying nameservers using brute-force techniques to enumerate existing storage accounts in the wild or searching through centralized repositories of DNS query responses.

Resource Development

T1583.004 Acquire Infrastructure: Server | If threat actors exploit weak or misconfigured identity controls, Blob Storage could be misused as attacker-controlled infrastructure for hosting malicious payloads, phishing, or C2 scripts.

Initial Access

T1566.001 Phishing: Spearphishing Attachment | Blob Storage could host malicious attachments for spear phishing if threat actors leverage compromised SAS tokens or misconfigured anonymous access.

T1566.002 Phishing: Spearphishing Link | Blob Storage could be misused as a publicly accessible host for spear-phishing links if anonymous or misconfigured containers exist.

T1078.004 Valid Accounts: Cloud Accounts | Threat actors could gain an account-like foothold in Blob Storage if they compromise SAS or storage account keys or successfully take control of a Microsoft Entra ID principal account that holds roles or permissions over Blob Storage. 

Persistence

T1098.001 Account Manipulation: Additional Cloud Credentials | To maintain access even if compromised credentials are revoked, threat actors may try to exploit Blob Storage’s Role-Based Access Control (RBAC) by modifying permissions on identity objects, like Microsoft Entra ID security principals. They may also create high-privilege SAS tokens with long expiry, modify container access levels to allow anonymous reads, or provision SFTP accounts that bypass key rotation.

Defense Evasion

T1562.011 Impair Defenses: Disable or Modify Tools | Threat actors can try to disable, suppress, or modify Defender for Storage scanning features.

T1562.007 Impair Defenses: Disable or Modify Cloud Firewall | Threat actors may try to disable, modify, or reconfigure Blob Storage’s firewall and virtual network rules—such as by granting exceptions for trusted services through managed identities, establishing private endpoints, or leveraging geo-replication—to mask access channels and maintain persistent, covert access even if primary credentials are revoked. 

Credential Access

T1528 Steal Application Access Token | Threat actors may compromise Blob Storage by stealing OAuth-based application access tokens (including refresh tokens) or by leveraging subscription-level privileges to query management APIs and extract primary and secondary storage account keys. While compromised tokens enable impersonation of legitimate users with constrained, renewable privileges, keys grant unrestricted data-plane access that bypasses identity-based controls. Possession of either credential type can lead to full access to blob containers, facilitating data compromise and lateral movement across the cloud environment.

T1003 OS Credential Dumping | Threat actors might dump Cloud Shell profiles and session history—stored in blob containers of an Azure Storage account—to extract sensitive credentials such as OAuth tokens, API keys, or other authentication secrets. While these credentials differ from traditional OS password hashes, their extraction is analogous to conventional credential dumping because threat actors can use them to impersonate legitimate users and gain unauthorized, persistent access to Blob Storage, facilitating lateral movement and data compromise.

T1040 Network Sniffing | Threat actors might passively intercept network traffic destined for Blob Storage when unencrypted protocols are allowed, exposing shared keys, SAS tokens, or API tokens that could then be used to gain unauthorized access to the blob data plane. By exploiting cloud-native traffic mirroring tools, a threat actor could intercept and analyze the network data flowing to and from the virtual machines interacting with Blob Storage.

Discovery

T1580 Cloud Infrastructure Discovery | Blob Storage could be enumerated post-compromise to list subscriptions, resource groups, or container names that are not externally visible.

T1619 Cloud Storage Object Discovery | Blob Storage could be enumerated post-compromise to find specific blob data and configuration details, such as by call listing APIs to inventory objects or use control-plane access to retrieve firewall rules, logging, and backup policies.

Lateral Movement

T1021.007 Remote Services: Cloud Services | Threat actors might manipulate Blob Storage to trigger a compute service, such as Azure Functions, after placing a malicious blob in a monitored container. This automatic execution chain lets attackers pivot from the compromised container to the compute resource, potentially infiltrating additional components.

Collection

T1074.002 Data Staged: Remote Data Staging | Blob Storage could be used as a “staging area” if permissions are overly broad.

T1530 Data from Cloud Storage Object | Blob Storage could be abused to retrieve or copy data directly from containers if they are misconfigured, publicly accessible, or if keys or SAS tokens are obtained. This might include selectively downloading stored files.

Command and Control

T1105 Ingress Tool Transfer | Threat actors might upload and store malicious programs or scripts in Blob Storage after compromising the storage account or its credentials, leverage automatic synchronization to “fan out” malicious payloads across hosts that regularly pull from blob containers, and facilitate ongoing C2 to enable additional compromise and lateral movement. By merging malicious uploads with normal blob usage, threat actors could stealthily distribute harmful tools to multiple hosts simultaneously, reinforcing both C2 and lateral movement.

Exfiltration

T1567.002 Exfiltration Over Web Service: Exfiltration to Cloud Storage | Blob Storage may facilitate data exfiltration if permissions are overly permissive or credentials (for example, account keys, SAS tokens) are compromised. Threat actors may abuse the “static website” feature to expose blob containers through public web endpoints or use tools like AzCopy to transfer stolen data.

T1030 Data Transfer Size Limits | A threat actor might deliberately constrain the packet sizes of Blob Storage data to remain below established thresholds by transferring it in fixed-size chunks rather than as entire blobs.

T1020 Automated Exfiltration | Threat actors might embed exfiltration routines in predefined automation processes in Blob Storage to evade detection.

T1537 Transfer Data to Cloud Account | Threat actors might transfer Blob Storage data to another cloud account that is under their control by using internal APIs and network paths that evade detection mechanisms focused on external data transfers.

Impact

T1485 Data Destruction | Blob Storage could be compromised or misused for data destruction, where a threat actor deletes or overwrites blob data for impact.

T1486 Data Encrypted for Impact | Blob Storage could be targeted by ransomware if threat actors obtain privileged access or compromise keys.

T1565 Data Manipulation | Threat actors might insert, delete, or modify Blob Storage data to compromise data integrity and influence outcomes by altering blob contents or metadata, disrupting business processes, distorting organizational insights, or concealing malicious activities.

References

• https://attack.mitre.org/
• https://cyberdom.blog/azure-blob-storage-powershell-scanning-script/
• https://grayhatwarfare.medium.com/how-to-search-for-open-amazon-s3-buckets-and-their-contents-https-buckets-grayhatwarfare-com-577b7b437e01
• https://www.bleepingcomputer.com/news/security/ransomware-gangs-now-abuse-microsoft-azure-tool-for-data-theft/
• https://www.progress.com/moveit
• https://x.com/MsftSecIntel/status/1665537730946670595

Learn more

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog.

To get notified about new publications and to join discussions on social media, follow us on LinkedIn, X (formerly Twitter), and Bluesky.

To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat Intelligence podcast.

The post Inside the attack chain: Threat activity targeting Azure Blob Storage appeared first on Microsoft Security Blog.

Microsoft Defender for Cloud, the integrated CNAPP from Microsoft, delivers comprehensive security and compliance from code to runtime, enhanced by generative AI and threat intelligence to help you secure your hybrid and multicloud environments. With Defender for Cloud, organizations can support secure development, minimize risks with contextual posture management, and protect workloads and applications from modern threats in a unified security operations (SecOps) experience.  

Defender for Cloud not only transcends traditional security silos and extends its end-to-end security across multicloud and hybrid infrastructure, it delivers advanced security posture management and threat remediation capabilities as well. In order to prove the solution’s business benefits, Microsoft commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study. The study aims to provide business leaders and decision-makers with a solid framework with which they can evaluate the benefits and potential financial impact of Defender for Cloud on their organizations.

Through the course of the study, participating interviewees reported experiencing a wide variety of benefits related to Defender for Cloud, including reduced operational risk, a compressed, more secure development lifecycle, and reduced time to investigate and remediate threats faster.

All told, the study found that the benefits of Defender for Cloud add up to a significant net present value (NPV) of $4.25 million over three years. But that’s not the whole story. Here are some other key takeaways mentioned by Forrester’s interviewees.

1. Shorter threat investigation and remediation times

“[Defender for Cloud] just takes out the weird stuff happening on our network that ends up on the cybersecurity desk. We’ve already probably cut back about 60% of the workload, and a lot of that revolves around false positives, so I can get better data. The systems assess the data properly…I’m not even going to give it to the analyst. I’m going to auto-close.”

—Chief technology officer, Life Sciences

Defender for Cloud was found to register 50% fewer false positives than legacy security solutions. Simultaneously, the solution reduced the investigation and remediation times of legitimate threats by 30%. Due to these dramatic improvements, study participants avoided 36,000 investigation and remediation hours on average. By reallocating the corresponding $796,000 of SecOps labor to proactive threat hunting and other high-value activities, companies were able to further improve their security performance.

2. Improved security operations center (SOC) productivity

“[With Defender for Cloud], if the tools are configured properly, the [global] efficiencies in your SOC can probably be up to 30% for a fine-tuned environment.”

—Technical manager, Business-to-business Software

By broadening the number and types of workloads protected by Defender for Cloud, participating businesses saw an average 30% improvement in SecOps productivity. This boost was a combination of consolidating duplicative multicloud security policies, replacing patching processes and other similar time-consuming procedures with automation, and embracing the efficiency gains of a better-integrated Microsoft ecosystem. In financial terms, these productivity gains translate to a $5.6 million savings over three years.

3. Lower total cost of ownership

“[Without Defender for Cloud], it would be so much more complex. It would cost us double to maintain [our multicloud security stack].”

—Cyberdefense leader, Materials

Interviewees reported that Defender for Cloud reduced their licensing costs by 10% when compared to legacy security solutions. This savings is the result of eliminating the licensing and management costs associated with five legacy security solutions over three years—made possible because of the breadth of workloads protected by Defender for Cloud. Interviewees also reported 1,700-hour reduction in security stack administrative work thanks to their ability to consolidate workloads across their multicloud infrastructures. These adjustments together yielded more than $1 million in cost savings.

4. More comprehensive cyberthreat coverage and prioritization

“Microsoft is capturing 10% of real incidents [not caught by other solutions deployed], reducing our attack surface by 10%.“

—Chief information security officer (CISO), Technology

Defender for Cloud caught 10% more legitimate cyberthreats than the prior security environments study participants had been using, on average. Each of these threats required a response and would have been missed. Interviewees defined the incidents they had previously lacked the capacity to address a mix of increasingly complex and overlapping cyberthreats that included but were not limited to runtime container risk, overprovisioning container privileges, malware, phishing and social engineering efforts, and shadow IT. Not only did Defender for Cloud identify these incidents, it provided greater context surrounding them, improving threat prioritization and avoiding $292,000 in costs related to data breaches.

5. Lower compliance costs

“[Defender for Cloud] is capable of saving up to 5% of [my organization’s] engineering overhead around [audit and compliance] meetings and collaboration.”  

—CISO, Technology

With Defender for Cloud, participating organizations decreased their compliance-related costs. Auditing fees were avoided and compliance-related meeting schedules were streamlined, reducing reliance on outside auditing services. Over three years, the average savings related to these process improvements was $857,000, a 15% reduction in audit compliance overhead.

The advantages of Microsoft Defender for Cloud

Overall, the Forrester study found that Defender for Cloud markedly enhanced the security, compliance, and operational efficiency of each company participating in the TEI study. Through representative interviews and financial analysis, Forrester determined that a composite organization experiencing the aggregate benefits of the study’s participants received $8.52 million in financial benefits over three years. In balancing these benefits against $4.27 million in costs over the same period, Forrester determined that Defender for Cloud represents a net present value (NPV) of $4.25 million.

Interviewees participating in the study went beyond the financial benefits in their praise of Defender for Cloud. After adopting the solution, participants saw reduced risk and improvements to both their security and compliance postures at scale. Even as regulatory and compliance landscapes shifted beneath their feet, these organizations were better able to use the added context of Microsoft cloud security benchmarks to stay on solid ground—remaining compliant when others might not have.

Additionally, interviewees noted that Defender for Cloud helped them more securely collaborate with their technology partners and to establish more secure, more efficient software development pipelines. These benefits, interviewees emphasized, would have further benefits down the road as well, including reduced development times, improved time-to-value, and ultimately greater potential for business growth.

Learn more

To learn more about the business value of Microsoft Defender for Cloud, explore the Total Economic Impact™ Of Microsoft Defender for Cloud study for further analysis and findings, as well as the perspectives of Defender for Cloud users interviewed in the study. Also, register for the webinar featuring Forrester on top cloud security trends, key considerations, and quantifying the business value of CNAPP.

Learn more about Microsoft Cloud Security Solutions.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Microsoft Defender for Cloud remediated threats 30% faster than other solutions, according to Forrester TEI study appeared first on Microsoft Security Blog.

Securing multicloud environments is a deeply nuanced task, and many organizations struggle to fully safeguard the many different ways cyberthreat actors can compromise their environment. In our latest report, “2024 State of Multicloud Security Risk,” we analyzed usage patterns across Microsoft Defender for Cloud, Microsoft Security Exposure Management, Microsoft Entra Permissions Management, and Microsoft Purview to identify the top multicloud security risks across Microsoft Azure, Amazon Web Services (AWS), Google Cloud Platform (GCP), and beyond. This is the first time Microsoft has released a report sharing key insights across aspects of cloud security, including identity and data. 

This multidimensional analysis is key because it provides deeper visibility into all of the angles cyberattackers can use to breach cloud environments. For example, we found that more than 50% of cloud identities had access to all permissions and resources in 2023. Can you imagine what would happen if even one of these “super identities” were compromised? Looking beyond identity and access, we also discovered significant vulnerabilities in development and runtime environments and within organizations’ data security postures. These threats and more are the driving forces behind Microsoft’s work to advance cybersecurity protections by sharing the latest security intelligence and through programs like the recently expanded Secure Future Initiative, which works to guide Microsoft advancements according to secure by design, secure by default, and secure operations principles.

Read on for our topline insights from the report.

2024 State of Multicloud Security

The new report shares trends and insights to drive an integrated multicloud security strategy.

Read the report

1. Multicloud security demands a proactive, prioritized approach  

Any practitioner who has worked in cloud security can tell you just how challenging it is to analyze, prioritize, and address the hundreds of security alerts they receive every day. Security teams are also responsible for managing all exposed assets and other potential risk vectors. The average multicloud estate has 351 exploitable attack paths that lead to high-value assets, and we discovered more than 6.3 million exposed critical assets among all organizations.  

Cloud security posture management (CSPM) is one solution, but rather than taking a siloed approach, we recommend driving deeper, more contextualized CSPM as part of a cloud-native application protection platform (CNAPP).  

CNAPPs are unified platforms that simplify securing cloud-native applications and infrastructure throughout their lifecycle. Because CNAPPs can unify CSPM with things like multipipeline DevOps security, cloud workload protections, cloud infrastructure entitlement management (CIEM), and cloud service network security (CSNS), they can correlate alerts and eliminate visibility gaps between otherwise disparate tools. This allows security teams to proactively identify, prioritize, and mitigate potential cyberattack paths before they can be exploited. 

2. CNAPP embeds secure best practices throughout the entire application lifecycle

Properly securing cloud-native applications and infrastructure from initial code development to provisioning and runtime is a significant challenge area for many organizations. We found that 65% of code repositories contained source code vulnerabilities in 2023, which remained in the code for 58 days on average. Given that one quarter of high-risk vulnerabilities are exploited within 24 hours of being published, this creates a significant window for threat actors to take advantage and compromise your environment.²

In addition to delivering proactive protection during runtime, CNAPP can act as a shared platform for security teams to work with developers to unify, strengthen, and manage multipipeline DevOps security. And because CNAPP unites multiple cloud security capabilities under a single umbrella, security teams can also enforce full-lifecycle protections from a centralized dashboard. This shifts security left and heads off development risks before they become a problem in runtime.  

3. Organizations need a unified security approach to secure cross-cloud workloads

Multicloud security goes deeper than attack path analysis and strong DevSecOps. Organizations also need to examine how the growing use and variety of cloud workloads impact their exposure to cyberthreats. When cloud workloads span across multiple cloud environments, that creates a more complex threat landscape with additional complexities and dependencies that require proper configuration and monitoring to secure.  

Microsoft’s CNAPP solution, Microsoft Defender for Cloud, has an extended detection and response (XDR) integration that provides richer context to investigations and allows security teams to get the complete picture of an attack across cloud-native resources, devices, and identities. Roughly 6.5% of Defender for Cloud alerts were connected to other domains—such as endpoints, identities, networks, and apps and services—indicating cyberattacks that stretched across multiple cloud products and platforms.  

Rather than using individual point solutions to manage cross-cloud workload threats, organizations need an easy way to centralize and contextualize findings across their various security approaches. A CNAPP delivers that unified visibility. 

4. Securing growing workload identities requires a more nuanced approach

Also central to multicloud security is the idea of identity and access management. In the cloud, security teams must monitor and secure workload identities in addition to user identities. These workload identities are assigned to software workloads, such as apps, microservices, and containers. The growing usage of workload identities creates several challenges. 

For starters, workload identities make up 83% of all cloud identities within Microsoft Entra Permissions Management. When examining the data, we found that 40% of these workload identities are inactive—meaning they have not logged in or used any permissions in at least 90 days. These inactive identities are not monitored the same way as active identities, making them an attractive target for cyberattackers to compromise and use to move laterally. Workload identities can also be manually embedded in code, making it harder to clean them without triggering unintended consequences.  

What’s concerning, though, is the fact that the average organization has three human super identities for every seven workload super identities. These workload super identities have access to all permissions and resources within the multicloud environment, making them an enormous risk vector that must be addressed. And because workload identities are growing significantly faster than human identities, we expect the gap between human and workload super identities to widen rapidly.  

Security teams can address this risk by establishing visibility into all existing super identities and enforcing least privilege access principles over any unused or unnecessary permissions—regardless of the cloud they access. 

5. CIEM drives visibility and control over unused permissions

Speaking of permissions, our report found that more than 51,000 permissions were granted to users and workloads (up from 40,000 in 2022). With more permissions come more access points for cyberattackers.  

A CIEM can be used to drive visibility across the multicloud estate, eliminating the need for standing access for super identities, inactive identities, and unused permissions. Just 2% of human and workload identity permissions were used in 2023, meaning the remaining 98% of unused permissions open organizations up to unnecessary risk.  

By using a CIEM to identify entitlements, organizations can revoke unnecessary permissions and only allow just-enough permissions, just in time. This approach will significantly mitigate potential risks and enhance the overall security posture.  

6. A multilayered data security approach eliminates complexity and limits blind spots

Finally, organizations need a comprehensive data security approach that can help them uncover risks to sensitive data and understand how their users interact with data. It’s also important to protect and prevent unauthorized data use throughout the lifecycle using protection controls like encryption and authentication. 

A siloed solution won’t work, as organizations with 16 or more point solutions experience 2.8 times as many data security incidents as those with fewer tools. Instead, organizations should deploy integrated solutions through a multilayered approach that allows them to combine user and data insights to drive more proactive data security. At Microsoft, we accomplish this through Microsoft Purview—a comprehensive data security, compliance, and governance solution that discovers hidden risks to data wherever it lives or travels, protects and prevents data loss, and investigates and responds to data security incidents. It can also be used to help improve risk and compliance postures and meet regulatory requirements. 

Uncover strategies for mitigating your biggest multicloud risks 

Ultimately, multicloud security has multiple considerations that security teams must account for. It is not a check-the-box endeavor. Rather, security teams must continuously enforce best practices from the earliest stages of development to runtime, identity and access management, and data security. Not only must these best practices be enforced throughout the full cloud lifecycle, but they must also be standardized across all cloud platforms.

In a recent episode of our podcast, Uncovering Hidden Risks, we sat down with Christian Koberg-Pineda, a Principal Security DevOps Engineer at S.A.C.I. Falabella, to dive into his journey toward uncovering the challenges and strategies for safeguarding cloud-native applications across various cloud platforms. In it, he talks about the complexity of securing multiple clouds, including navigating differing configurations, technical implementations, and identity federation.

“One of the most relevant characteristics of cloud computing is that you can scale things on demand. As cloud security expert, you must think in scale too. You need to implement a security tool that is also capable of scaling together with your infrastructure or your services.”

– Christian Koberg-Pineda, Principal Security DevOps Engineer at S.A.C.I. Falabella

For more information on creating a secure multicloud environment, download the full “2024 State of Multicloud Security Risk” report and check out the below resources.  

• Uncovering Hidden Risks Podcast Episode 18: Navigating Multicloud Security Risks, A Customer Story.
• 2024 State of Multicloud Security Risk Report Infographic.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹SANS 2023 Multicloud Survey: Navigating the Complexities of Multiple Cloud,  SANS Institute. 

²1 in 4 high-risk CVEs are exploited within 24 hours of going public, SC Media.

The post 6 insights from Microsoft’s 2024 state of multicloud risk report to evolve your security strategy appeared first on Microsoft Security Blog.

CNAPP combines several cybersecurity capabilities—cloud security posture management (CSPM), cloud infrastructure entitlement management (CIEM), and cloud workload protection (CWP), among others—into one platform. This platform protects your organization through every operation, from concept development to runtime use. And it’s tailored to applications native to a multicloud environment. As a result, you can both ensure management access and strengthen app-related defenses against potential vulnerabilities in multicloud setups.

Choosing CNAPP as your solution can help chief information security officers (CISOs) build impact.¹ When weighing the value of CNAPP, consider these numbers:

• 40% of organizations used a CNAPP in 2023 and an additional 45% expect to use one by the end of 2024.²
• 87% of organizations embrace multicloud.³
• 82% of breaches involved data stored in the cloud.⁴
• $4.45 million is the average cost of a data breach.⁵
• 54% of organizations do not include security in the development phase.⁶

Read on for five of the biggest insights found in the guide and download “From plan to deployment: implementing a cloud-native application protection platform (CNAPP) strategy” to dive deeper into this important subject. Use it as a valuable resource to guide your CNAPP planning.

Implementing a CNAPP strategy

Learn how a cloud-native application protection platform can strengthen your organization’s security strategy.

Get the guide

Insight #1: AI can tighten security and deliver insights

AI and machine learning play key roles in threat mitigation and security operations for cloud security. In fact, they could even be considered the backbone of these strategies because they give you the ability to analyze and respond to threats in real-time. Seconds matter in cybersecurity and could be the difference between minimal and major damage from a cyberattack.

AI and machine learning can also provide an assist by increasing predictive analysis and automating security tasks, helping your employees prioritize strategic security tasks. Manually managing today’s complex cloud infrastructures simply isn’t possible. The key is to include human oversight with human-in-the-loop monitoring of the technologies.

Insight #2: CNAPP can address challenges like alert overload and more

CNAPP holds day-to-day ease for security teams and strategic value for decision-makers. And there’s an urgent need for an end-to-end platform for cloud security—even better if powered by AI and machine learning. CNAPP helps you address some of the biggest challenges in cloud security, including:

• Building security into software during development: Security as code, which involves building security into software during development, will keep gaining momentum. CNAPP benefits the development process in several ways, including ensuring security is part of application development and forging collaboration between the developers and security teams.  
• Improving multicloud security posture: With CNAPP solutions, you can get an aggregation and analysis of data from multiple cloud platforms and services in a unified dashboard. These centralized insights can help security teams prioritize tasks more easily. Expanding multicloud visibility and enhancing multiplatform protection are two advantages of recent Microsoft Security innovations.
• Decreasing costs and tackling advanced cyberthreats: Security operations center (SOC) analysts and security admins could be easily overwhelmed by the modern digital threat landscape and frustrated by the number of signals. The predictive analytics of CNAPP solutions can make it easier for them to identify and mitigate potential risks while automating security responses to threats.

Insight #3: Effective cybersecurity takes a good partner  

Keeping user needs in mind, Microsoft has its own CNAPP solution—Microsoft Defender for Cloud. This comprehensive security solution has robust security features to safeguard a wide array of resources, including servers, containers, databases, applications, and, crucially, data storage solutions like Microsoft Azure Storage, across various cloud platforms. Implementing Microsoft Defender for Cloud can protect against current threats and position your organization to confidently address emerging security threats in the cloud.

Cybersecurity is a dual effort between cloud service providers and users. Microsoft Defender for Cloud models this collaborative approach with a more integrated and proactive strategy than is common with traditional security. Among other attributes, it aligns with DevOps, features rapid deployment capabilities, and offers two levels of CSPM functionality—foundational and premium from an offering called Microsoft Defender Cloud Security Posture Management. Deploying CSPM services should be a part of your CNAPP strategy.

It also integrates with other cybersecurity solutions. But given the way Microsoft embraces innovation, it’s probably no surprise that we’ll continue to evolve this solution to keep pace with fluid technological advancement. So, as usual, watch this space for exciting announcements to come.

Insight #4: Operationalizing CNAPP is a multipronged approach

With any solution, the benefits can’t be realized if your users aren’t adopting it. Operationalizing Microsoft Defender for Cloud takes both integrating it into daily operations and satisfying your users’ needs by continuously evolving cloud security. You want your users to manage it and use the platform’s capabilities. This includes its functionalities across Microsoft Azure, Amazon Web Services, and Google Cloud Platform.

Other factors of operationalizing CNAPP include:

• Monitoring continuously, evaluating risk, and assessing status.
• Managing identity entitlement.
• Training employees to use security tools.
• Setting processes in place that can mitigate and remediate unhealthy resources.
• Fostering a culture of security awareness.

Insight #5: CNAPP is a critical part of a modern SOC

The SOC is critical and you strive for it to be efficient and effective. The insights from a CNAPP like Microsoft Defender for Cloud can dramatically transform SOC operations due to its total visibility, real-time monitoring, compliance and risk management tools, multiple integrations, and advanced analytics.

You can take a more proactive, strategic approach to cloud security with capabilities like:

• Detailed insights into threats and vulnerabilities, including their possible severity and impact.
• Automated compliance assessments based on industry standards.
• Post-incident analysis support through incident information.

Strengthening the SOC even further is a new Microsoft Defender for Cloud integration with Microsoft Defender XDR. You gain access to Defender for Cloud alerts and incidents within the Microsoft Defender portal for richer investigation context.

These highlights are just the beginning of what you can accomplish with CNAPP.

Explore the future of CNAPP and cloud security

Building a secure-first organization is critical to counter the continual stream of cyberthreats and the increasingly sophisticated nature of them. The future holds significant promise for CNAPP, and Microsoft is leading in this effort with solutions like Microsoft Defender for Cloud. Get details on CNAPP use case scenarios and Defender for Cloud’s integrations with other Microsoft products—and strategies for adopting and operationalizing it—in our guide “From plan to deployment: implementing a cloud-native application protection platform (CNAPP) strategy.” Or, watch our podcast for an expert discussion on how CNAPP helps you address modern challenges. Learn more about how Defender for Cloud can help you protect your multicloud resources, workloads, and apps.

Learn more

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Want to build impact as a CISO? Choose CNAPP as your solution, CSO. May 26, 2024. 

²The future of cloud security: Top trends to watch in 2024, InfoWorld. March 14, 2024. 

³2023 State of the Cloud Report, Flexera.

⁴Microsoft Enterprise DevOps Report. 

⁵Cost of a Data Breach Report, IBM. 2023. 

⁶Microsoft Cloud Security Priorities and Practices Research. 

The post 5 ways a CNAPP can strengthen your multicloud security environment appeared first on Microsoft Security Blog.

OpenMetadata is an open-source platform designed to manage metadata across various data sources. It serves as a central repository for metadata lineage, allowing users to discover, understand, and govern their data. On March 15, 2024, several vulnerabilities in OpenMetadata platform were published. These vulnerabilities (CVE-2024-28255, CVE-2024-28847, CVE-2024-28253, CVE-2024-28848, CVE-2024-28254), affecting versions prior to 1.3.1, could be exploited by attackers to bypass authentication and achieve remote code execution. Since the beginning of April, we have observed exploitation of this vulnerability in Kubernetes environments.

Microsoft highly recommends customers to check clusters that run OpenMetadata workload and make sure that the image is up to date (version 1.3.1 or later). In this blog, we share our analysis of the attack, provide guidance for identifying vulnerable clusters and using Microsoft security solutions like Microsoft Defender for Cloud to detect malicious activity, and share indicators of compromise that defenders can use for hunting and investigation.

Attack flow

For initial access, the attackers likely identify and target Kubernetes workloads of OpenMetadata exposed to the internet. Once they identify a vulnerable version of the application, the attackers exploit the mentioned vulnerabilities to gain code execution on the container running the vulnerable OpenMetadata image.

After establishing a foothold, the attackers attempt to validate their successful intrusion and assess their level of control over the compromised system. This reconnaissance step often involves contacting a publicly available service. In this specific attack, the attackers send ping requests to domains that end with oast[.]me and oast[.]pro, which are associated with Interactsh, an open-source tool for detecting out-of-band interactions.

OAST domains are publicly resolvable yet unique, allowing attackers to determine network connectivity from the compromised system to attacker infrastructure without generating suspicious outbound traffic that might trigger security alerts. This technique is particularly useful for attackers to confirm successful exploitation and validate their connectivity with the victim, before establishing a command-and-control (C2) channel and deploying malicious payloads.

After gaining initial access, the attackers run a series of reconnaissance commands to gather information about the victim environment. The attackers query information on the network and hardware configuration, OS version, active users, etc.

As part of the reconnaissance phase, the attackers read the environment variables of the workload. In the case of OpenMetadata, those variables might contain connection strings and credentials for various services used for OpenMetadata operation, which could lead to lateral movement to additional resources.

Once the attackers confirm their access and validate connectivity, they proceed to download the payload, a cryptomining-related malware, from a remote server. We observed the attackers using a remote server located in China. The attacker’s server hosts additional cryptomining-related malware that are stored, for both Linux and Windows OS.

The downloaded file’s permissions are then elevated to grant execution privileges. The attacker also added a personal note to the victims:

Next, the attackers run the downloaded cryptomining-related malware, and then remove the initial payloads from the workload. Lastly, for hands-on-keyboard activity, the attackers initiate a reverse shell connection to their remote server using Netcat tool, allowing them to remotely access the container and gain better control over the system. Additionally, for persistence, the attackers use cronjobs for task scheduling, enabling the execution of the malicious code at predetermined intervals.

How to check if your cluster is vulnerable

Administrators who run OpenMetadata workload in their cluster need to make sure that the image is up to date. If OpenMetadata should be exposed to the internet, make sure you use strong authentication and avoid using the default credentials.

To get a list of all the images running in the cluster:

kubectl get pods --all-namespaces -o=jsonpath='{range .items[*]}{.spec.containers[*].image}{"\n"}{end}' | grep 'openmetadata'

If there is a pod with a vulnerable image, make sure to update the image version for the latest version.

How Microsoft Defender for Cloud capabilities can help

This attack serves as a valuable reminder of why it’s crucial to stay compliant and run fully patched workloads in containerized environments. It also highlights the importance of a comprehensive security solution, as it can help detect malicious activity in the cluster when a new vulnerability is used in the attack. In this specific case, the attackers’ actions triggered Microsoft Defender for Containers alerts, identifying the malicious activity in the container. In the example below, Microsoft Defender for Containers alerted on an attempt to initiate a reverse shell from a container in a Kubernetes cluster, as happened in this attack:

To prevent such attacks, Microsoft Defender for Containers provides agentless vulnerability assessment for Azure, AWS, and GCP, allowing you to identify vulnerable images in the environment, before the attack occurs.  Microsoft Defender Cloud Security Posture Management (CSPM) can help to prioritize the security issues according to their risk. For example, Microsoft Defender CSPM highlights vulnerable workloads exposed to the internet, allowing organizations to quickly remediate crucial threats.

Organizations can also monitor Kubernetes clusters using Microsoft Sentinel via Azure Kubernetes Service (AKS) solution for Sentinel, which enables detailed audit trail for user and system actions to identify malicious activity.

Indicators of compromise (IoCs)

Hagai Ran Kestenberg, Security Researcher
Yossi Weizman, Senior Security Research Manager

Learn more

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: https://aka.ms/threatintelblog.

To get notified about new publications and to join discussions on social media, follow us on LinkedIn at https://www.linkedin.com/showcase/microsoft-threat-intelligence, and on X (formerly Twitter) at https://twitter.com/MsftSecIntel.

To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat Intelligence podcast: https://thecyberwire.com/podcasts/microsoft-threat-intelligence.

The post Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters appeared first on Microsoft Security Blog.

Software as a service (SaaS) adoption has accelerated at a lightning speed, enabling collaboration, automation, and innovation for businesses large and small across every industry vertical—from government, education, financial service to tech companies. Every SaaS application is now expanding its offering to allow better integration with the enterprise ecosystem and advanced collaboration features, becoming more of a “platform” than an “application.” To further complicate the security landscape, business users are managing these SaaS applications with little to no security oversight, creating a decentralized administration model. All this is leading to a growing risk surface with complex misconfigurations that can expose organization’s identities, sensitive data, and business processes to malicious actors. 

To combat this challenge, Valence and Microsoft Security work together to ensure that SaaS applications are configured according to the best security practices and improve the security posture of identities configured in each individual SaaS application. Together, Valence and Microsoft:  

• Centrally manage SaaS identities permissions and access.
• Enforce strong authentication by ensuring proper MFA (multi-factor authentication) and SSO (single sign-on) enrollment and managing local SaaS users.
• Detect and revoke unauthorized non-human SaaS identities such as APIs, service accounts, and tokens.
• Incorporate SaaS threat detection capabilities to improve SaaS incident response.

As most of the sensitive corporate data shifted from on-prem devices to the cloud, security teams need to ensure they manage the risks of how this data is being accessed and managed. Integrating Valence’s SaaS Security with the Microsoft Security ecosystem now provides a winning solution. 

SaaS applications are prime targets  

Recent high profile breaches have shown that attackers are targeting SaaS applications and are leveraging misconfigurations and human errors to gain high privilege access to sensitive applications and data. While many organizations have implemented SSO and MFA as their main line of defense when it comes to SaaS, recent major breaches have proven otherwise. Attackers have identified that MFA fatigue, social engineering and targeting the SaaS providers themselves can bypass many of the existing mechanisms that security teams have put in place. These add to high-profile breaches where attackers leveraged legitimate third-party open authorization (OAuth) tokens to gain unauthorized access to SaaS applications, and many more attack examples. 

State of SaaS security risks 

According to our 2023 SaaS Security Report which analyzed real SaaS environments to measure their security posture before they implemented an effective SaaS security program. The results showed that every organization didn’t enforce MFA on 100% of their identities—there are some exceptions, such as service accounts, contractors, and shared accounts, or simply lack of effective monitoring of drift. In addition, one out of eight SaaS accounts are dormant and not actively used. Offboarding users is not only important to save costs, but attackers also like to target these accounts for account takeover attacks since they are typically less monitored. Other key stats were that 90% of externally shared files haven’t been used by external collaborators for at least 90 days and that every organization has granted multiple third-party vendors organization-wide access to their emails, files, and calendars. 

Figure 1. Top SaaS Security gaps identified in the 2023 State of SaaS Security Report.

Holistic SaaS security strategy 

Establishing a holistic SaaS security strategy requires to bring together many elements—from shadow SaaS discovery, through strong authentication, identity management of both humans and non-humans, managing and remediating SaaS misconfigurations, enforcing data leakage prevention policies, and finally, establishing scalable incident response. Valence and Microsoft take security teams one step further toward a more holistic approach. 

Valence joined the Microsoft Intelligence Security Association (MISA) and integrated with Microsoft security products—Microsoft Entra ID and ​​​​Microsoft Sentinel—to enhance customers’ capabilities to manage their SaaS risks, effectively remediate them, and respond to SaaS breaches. The Valence SaaS Security Platform provides insight and context on SaaS risks such as misconfigurations, identities, data shares, and SaaS-to-SaaS integrations. Extending existing controls with SaaS Security Posture Management (SSPM) capabilities and SaaS risk remediation capabilities. Valence is also a proud participant of the Partner Private Preview of Microsoft Copilot for Security. This involves working with Microsoft product teams to help shape Copilot for Security product development in several ways, including validation and refinement of new and upcoming scenarios, providing feedback on product development and operations to be incorporated into future product releases, and validation and feedback of APIs to assist with Copilot for Security’s extensibility. 

Figure 2. Illustrative data: The Valence Platform provides a single pane of glass to find and fix SaaS risk across four core use cases: data protection, SaaS to SaaS governance, identity security, and configuration management. 

Secure SaaS human and non-human identities

In the modern identity-first environment, most attackers focus on targeting high privilege users, dormant accounts, and other risks. Enforcing zero trust access has become a core strategy for many security teams. Security teams need to identify all the identities they need to secure. Microsoft Entra SSO management combined with Valence’s SaaS application monitoring—to detect accounts created—provides a holistic view into human identities and non-human (Enterprise Applications, service accounts, APIs, OAuth and 3rd party apps).  

Microsoft Entra ID centrally enforces strong authentication such as MFA and Valence discovers enforcement gaps or users that are not managed by the central SSO. Valence also monitors the SaaS applications themselves to discover the privileges granted to each identity and provides recommendations on how to enforce least privilege with minimal administrative access. To continuously validate verification based on risks, the final piece of zero trust strategy, Valence leverages the risky users and service principals signals from Microsoft Entra ID and combines them with signals from other SaaS applications for a holistic view into identity risks. 

Protect SaaS applications 

Microsoft has a wide SaaS offering that is fueling enterprise innovation. These services are central to core business functions and employee collaboration, cover many use cases, and are spread across multiple business units, but are tied together in many cases such as identity and access management, and therefore their security posture is often related as well. Managing the security posture of SaaS services can be complex because of the multiple configurations and the potential cross service effects that require security teams to build their expertise across a wide range of SaaS.  

Many security teams view SaaS apps as part of their more holistic view into SaaS security posture management and would like to create cross-SaaS security policies and enforce them. Valence’s platform integrates with Microsoft Entra ID and other SaaS services using Microsoft via Microsoft Graph to normalize the complex data sets and enable security teams to closely monitor the security posture of their SaaS applications in Microsoft alongside the rest of their SaaS environment. 

Enhance SaaS threat detection and incident response 

Improving SaaS security posture proactively reduces the chances of a breach, but unfortunately SaaS breaches can still occur, and organizations need to prepare their threat detection coverage and incident response plans. The built in human and non-human identity threat detection capabilities of Microsoft Entra ID, combined with Microsoft Sentinel log correlation and security automation, and Microsoft Copilot for Security’s advanced AI capabilities, create a powerful combination to detect and respond to threats. Valence expands existing detections from compromised endpoint and identity with important SaaS context—for example, did the compromise device belong to a SaaS admin user? Did the compromised identity perform suspicious activities in other SaaS applications? The expanded detections provide critical insights to prioritize and assess the blast radius of breaches. Additionally, Valence’s SaaS threat detection can trigger threat detection workflows in Microsoft products based on its unique indicator of compromise monitoring. 

Together, Valence and Microsoft combine the best of all worlds when it comes to SaaS security. From SaaS discovery, through SaaS security posture management, remediating risks, and detecting threats—Valence and Microsoft enable secure adoption of SaaS applications. Modern SaaS risks and security challenges require a holistic view into SaaS risk management and remediation. Get started today. 

About Valence Security 

Valence is a leading SaaS security company that combines SSPM and advanced remediation with business user collaboration to find and fix SaaS security risks. SaaS applications are becoming decentrally managed and more complex, which is introducing misconfiguration, identity, data, and SaaS-to-SaaS integration risks. The Valence SaaS Security Platform provides visibility and remediation capabilities for business-critical SaaS applications. With Valence, security teams can empower their business to securely adopt SaaS. Valence is backed by leading cybersecurity investors like Microsoft’s M12 and YL Ventures, and is trusted by leading organizations. Valence is available for purchase through Azure Marketplace. For more information, visit their website. 

Be among the first to hear about new products, capabilities, and offerings at Microsoft Secure digital event on March 13, 2024.​ Learn from industry luminaries and influencers. Register today.

Learn more

To learn more about the Microsoft Intelligent Security Association (MISA), visit our website where you can learn about the MISA program, product integrations, and find MISA members. Visit the video playlist to learn about the strength of member integrations with Microsoft products. 

​​To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. 

The post ​​Secure SaaS applications with Valence Security and Microsoft Security​​ appeared first on Microsoft Security Blog.