Cybersecurity When Working From Home
Headline-grabbing malware attacks have become a common occurrence in our news cycles. According to a recent study by Expert Insights, these attacks typically stem from a single event in the second stage of a cybersecurity breach: identity compromise within the business. Unfortunately, the risk of identity compromise has significantly increased with the rise of hybrid work. Vulnerable home networks, lackluster patching, shadow IT, and stolen or lost work devices contribute to this risk.
Critical Identity Compromise Issues
There are three critical identity compromise issues that must be dealt with to mitigate cybersecurity threats, especially when framed within the context of hybrid work. These are password attacks, multifactor authentication attacks, and post-authentication attacks.
Password Cybersecurity Attacks
The three most common password attack tactics are password spray, phishing, and breach replay. Millions of these types of attacks are performed daily on Microsoft systems. According to Microsoft, it deflects 1,000 password attacks per second. To make matters worse, 99.9% of targeted accounts don’t have multifactor authentication (MFA) enabled. The ease and effectiveness of these attacks - guessing common passwords, convincing a team member to enter sensitive password information at a fake website, or relying on pervasive password reuse - make this a favorite tactic of ransomware agents.
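From the defender's side, a password spray leaves a recognizable shape in sign-in logs: one source failing against many accounts with only a try or two each. The following is an added example, not code from the original article; the event tuples, thresholds, and function name are constructed assumptions rather than any product's log schema.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events: (timestamp, source IP, account, outcome).
# Field layout and values are illustrative, not a real product's log schema.
EVENTS = [
    ("2023-01-10T09:00:01", "203.0.113.7", "alice", "fail"),
    ("2023-01-10T09:00:40", "203.0.113.7", "bob", "fail"),
    ("2023-01-10T09:01:15", "203.0.113.7", "carol", "fail"),
    ("2023-01-10T09:02:02", "203.0.113.7", "dave", "fail"),
    ("2023-01-10T09:02:50", "203.0.113.7", "erin", "fail"),
    ("2023-01-10T09:03:30", "203.0.113.7", "frank", "success"),
    ("2023-01-10T09:05:00", "198.51.100.23", "gina", "fail"),
    ("2023-01-10T09:05:20", "198.51.100.23", "gina", "fail"),
    ("2023-01-10T09:05:45", "198.51.100.23", "gina", "fail"),
    ("2023-01-10T09:06:10", "198.51.100.23", "gina", "success"),
    ("2023-01-10T09:10:00", "192.0.2.44", "hank", "fail"),
    ("2023-01-10T09:30:00", "192.0.2.44", "ivy", "fail"),
]

def detect_password_spray(events, window=timedelta(minutes=10),
                          min_accounts=5, max_tries=2):
    """Flag sources that fail against many accounts, few tries each, in one window."""
    fails, wins = defaultdict(list), defaultdict(set)
    for ts, ip, account, outcome in events:
        if outcome == "fail":
            fails[ip].append((datetime.fromisoformat(ts), account))
        else:
            wins[ip].add(account)
    findings = {}
    for ip, attempts in fails.items():
        attempts.sort()
        start, best = 0, {}
        for end in range(len(attempts)):
            # Slide the window start forward until it spans at most `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            tries = Counter(acct for _, acct in attempts[start:end + 1])
            if (len(tries) >= min_accounts and max(tries.values()) <= max_tries
                    and len(tries) > len(best)):
                best = tries
        if best:
            # Accounts that signed in successfully from a spraying source
            # are the first candidates for a password reset and review.
            findings[ip] = {"targets": sorted(best), "succeeded": sorted(wins[ip])}
    return findings
```

The repeated failures on a single account (gina) are deliberately not flagged: that pattern is a forgotten password or single-account guessing, which calls for a different rule.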
“Driving more multifactor authentication is the most important thing we can do for the ecosystem,” wrote Alex Weinert, Vice President of Identity Security at Microsoft, in a January 2023 post. “If you aren’t yet requiring multifactor authentications for all users, enable it.”
Today’s MFA uses apps, tokens, or the device itself for authentication. It is included in all SKUs, requires no additional management, and integrates deeply with Azure AD, unlike old, clunky MFA products that were bought and deployed separately and required copying codes and answering multiple prompts.
MFA Cybersecurity Attacks
While multifactor authentication deflects many of the common identity compromises discussed above, cybersecurity risks don’t end there. MFA attacks aren’t as easy as password attacks: they require more time, effort, and attacker investment.
Examples of MFA attacks include:
- Telephone vulnerability attacks and SIM jacking
- AitM (adversary-in-the-middle) attacks
- “Griefing” attacks, also known as multifactor authentication hammering (MFA fatigue)
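MFA fatigue is the easiest of these to spot in logs, because it shows up as a burst of denied or unanswered push prompts for one user, sometimes ending in an approval. The following is an added example, not code from the original article; the prompt records, thresholds, and function name are constructed assumptions rather than a real product's schema.

```python
from datetime import datetime, timedelta

# Constructed MFA push-prompt records: (timestamp, user, result).
# Values are illustrative; results are "denied", "timeout" or "approved".
PROMPTS = [
    ("2023-01-10T02:14:05", "dave", "denied"),
    ("2023-01-10T02:14:40", "dave", "timeout"),
    ("2023-01-10T02:15:10", "dave", "denied"),
    ("2023-01-10T02:15:55", "dave", "timeout"),
    ("2023-01-10T02:16:30", "dave", "approved"),
    ("2023-01-10T08:59:00", "erin", "timeout"),
    ("2023-01-10T09:00:10", "erin", "approved"),
    ("2023-01-10T10:00:00", "frank", "denied"),
    ("2023-01-10T10:01:00", "frank", "denied"),
    ("2023-01-10T10:02:00", "frank", "denied"),
    ("2023-01-10T10:03:00", "frank", "denied"),
]

def detect_mfa_fatigue(prompts, window=timedelta(minutes=5), min_unapproved=4):
    """Flag users hit by a burst of unapproved prompts; note if one was then approved."""
    per_user = {}
    for ts, user, result in sorted(prompts):  # ISO timestamps sort chronologically
        per_user.setdefault(user, []).append((datetime.fromisoformat(ts), result))
    findings = {}
    for user, seq in per_user.items():
        recent = []  # unapproved prompt times still inside the window
        for when, result in seq:
            recent = [t for t in recent if when - t <= window]
            if result == "approved":
                # An approval right after a burst is the urgent case:
                # the user may have given in to the prompts.
                if len(recent) >= min_unapproved:
                    findings[user] = {"unapproved": len(recent),
                                      "approved_after_burst": True}
                recent = []
            else:
                recent.append(when)
                if len(recent) >= min_unapproved and user not in findings:
                    findings[user] = {"unapproved": len(recent),
                                      "approved_after_burst": False}
    return findings
```

A finding with `approved_after_burst` set to true warrants revoking that user's sessions and resetting credentials; one without it still means the user's password is likely already known to the attacker.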
Unlike the thousands of password breach attacks per second, Microsoft has reported that MFA attacks have been detected in the thousands per month – yet they continue to be on the rise. Using the right MFA product is essential to mitigate these attacks, particularly in a hybrid work environment. Microsoft recommends:
- Windows Hello
Organizations that currently have a PIV and CAC (personal identity verification card or common access card) infrastructure may employ Azure AD certificate-based authentication (CBA).
Post-Authentication Cybersecurity Attacks
Token theft and OAuth consent phishing are two detected post-authentication attack tactics. In token theft, an attacker compromises and replays a token issued to an identity that has already completed its MFA; the token validates and gives access to the company’s resources. This tactic is especially concerning in the world of hybrid work, where unmanaged devices are likely to have weaker security controls.
OAuth consent phishing, also called illicit consent grants, is a post-authentication attack that Microsoft’s threat analysts continue to track. It abuses OAuth request links to trick recipients into granting attacker-owned applications access to sensitive data.
Zero Trust principles are essential to mitigate token theft and OAuth phishing campaigns. These include:
- Authenticating and authorizing based on all available data points
- Using least-privilege access with just-in-time (JIT) and just-enough-access (JEA), as well as risk-based adaptive policies
- Assuming breach, minimizing blast radius, and segmenting access
Microsoft Defender: A Hybrid Cybersecurity Essential
Remote or hybrid work isn’t going anywhere. Neither are ransomware attacks. Microsoft Defender is a tried-and-tested way for companies to help protect themselves from these attacks. By regularly checking the status of Microsoft Defender Antivirus on all devices, running the latest Defender version, and customizing your rules in Defender features, you can help reduce the chances that your company will become the next victim of a cybersecurity event.
Trusted Tech Team is an accredited Microsoft CSP Direct Bill Partner, carrying multiple Solutions Partner designations and the now-legacy Microsoft Gold Partner competency. Based in Irvine, California, we report trends affecting IT pros everywhere.