While we all know about Multi-Factor Authentication, the real-world need for it sometimes seems far-fetched, something that is not "going to happen to us."
So, recently beINVENTiV was presented with a problem a client was having. Their administrator had his user account compromised. The attacker did not look at anything or do anything specifically with that account. Instead, the attacker reset all of the global admin accounts and used those accounts to "sniff" around.
What if the attacker had decided to get into Azure systems? Shut down VMs? Reconfigure Exchange information to completely halt communications?
What if the attacker had created a cryptic username with global admin access to reenter anytime that is convenient? This could have all happened.
The good news is that the attacker did not appear to get any sensitive information. The bad news is that this attack had to happen to get the users' buy-in on enforcing MFA. MFA would have prevented this by requiring a secondary authentication when your account is being accessed from an unknown device or unknown IP address.
This is easy to set up, and going through the secondary authentication is easy to perform. Trust us, it will save you much time and pain later.
Ask us if you would like help in how to best implement this and how to set up your users for success!