Microsoft Azure security flaw exploit could let hackers create a ‘skeleton key’
Cybercriminals can use this skeleton key to unlock an organization’s Azure environments
Microsoft Azure could be vulnerable to attack from compromised computing systems, even on-premise, new research has claimed.
A report from cybersecurity firm Varonis has discovered that an attacker can use a compromised on-premises IT environment to pivot and attack an organization’s Azure environment.
Using a compromised PC as a stepping stone to move across a network and hack other targets is a tactic that cybercriminals frequently employ. Eric Saraga, a security researcher at Varonis, found that it was possible to manipulate an on-premises server known as an Azure agent to establish a backdoor and obtain user credentials from the cloud.
Saraga developed a proof-of-concept attack that exploits Azure’s pass-through authentication, which installs an Azure agent on-premises that authenticates synced users from the cloud. This enabled him to create a form of ‘skeleton key’ password on an Azure agent.
Using this skeleton key, an attacker could escalate privileges to global admin to gain access to an organization’s on-premises environment. This would allow the attacker to extract usernames and passwords from a company’s Azure environment.
Skeleton key
Thankfully, Saraga’s exploit can be blocked by using multi-factor authentication to secure a company’s Azure accounts as well as by actively monitoring its Azure agent servers.
This attack would also be difficult for cybercriminals to pull off as they would first need to hack into a corporate network.
Another thing worth noting is that this is an exploit as opposed to a vulnerability, so Microsoft won’t be issuing a patch to fix it. The software giant responded to Varonis' report, saying:
“This report does not appear to identify a weakness in a Microsoft product or service that would enable an attacker to compromise the integrity, availability, or confidentiality of a Microsoft offering. For this issue, the attacker needs to compromise the machine first before they can take over the service.”
Since a patch isn’t being developed, Saraga says that organizations should lock down their Azure environments by using multi-factor authentication to prevent falling victim to any potential attacks that leverage this exploit.
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.