Author: Ashwan Mathoera

#CyberChronicles – 2 Mysterious Access


The day began like any other for Martin. With a cup of coffee in his hand, he scrolled through the daily reports of Medic Tech's Azure environment. However, while reviewing a routine log of recent access changes, he noticed an unusual spike in role assignments. With a feeling of unease, he opened the list of Global Administrators.


He expected to see five names – the members of the core IT team. Instead, line after line of names rushed past, nearly causing his coffee to slip out of his hand. 35 names in total. His heart skipped a beat. This couldn't be right!


Martin checked the access logs and discovered that most of these assignments had been made recently, within just a few weeks. How had this happened under his watch? And more importantly, why had no one noticed?


Martin soon realized there was a more significant issue. Along with the abnormal number of Global Administrators, unauthorized configurations and changes had been made throughout the system. Critical data access permissions had been changed, and several external IP addresses had unusual levels of access.


The rest of the day was a blur. Martin pulled Liam, the IT intern, aside. Liam had been made a Global Administrator temporarily to do some intern work. While working in the Azure portal, he had unwittingly assigned multiple colleagues the role of Global Administrator. His inexperience and lack of understanding of his own powers had contributed to this unintended mess. However, now was not the time for blame. Action was needed!




With the scale of changes and the risk of external threats, Martin felt the need for specialized expertise. Medic Tech reached out to CybGuard, known for their capabilities in Azure environments. Their team didn't just bring expertise; they also used specialized software to trace the origin of unauthorized changes and possible breaches.


The team quickly uncovered more irregularities. Medic Tech had not set up emergency accounts for situations where access was lost or passwords were forgotten. MFA wasn't enabled for nearly all employees. Medic Tech had a policy of changing passwords every 90 days, but this policy was not enforced. CybGuard assisted in setting up these critical configurations, providing the company with an added layer of security.


After intensive work and collaboration, the situation began to stabilize. Martin was grateful for CybGuard's expertise and insights. Together, they not only identified and resolved the issues but also made the company stronger and more resilient than ever before.


As Martin finally shut down his computer, he reflected on the day's events. He realized that setting up Azure AD and assigning roles was just the beginning. This adventure had underscored a crucial lesson. It's not enough to simply implement tools and delegate permissions. Solid understanding, ongoing training, and constant vigilance are essential to ensure the integrity and security of a digital system. For Martin, it was clear: too many cooks in the kitchen made management confusing and potentially risky.


Having too many Global Administrators in your Azure environment is a big concern. This role grants someone nearly full control over all Azure resources. With so many people having such permissions, there was an increased risk of huge changes, which could lead to disruptions. If any of these accounts were to fall into the wrong hands, a malicious actor could potentially disrupt or manipulate almost anything in the environment. Does your company need an Azure AD assessment? Let Sekury help you!


SEKURY | SAFE | SEAMLESS | CONNECTED

At Sekury, we build safe environments, design seamless solutions, and establish trusted connections.

1 Comment


Nasywa
Jun 02

As Martin finally shut down his computer, he reflected on the day's events? Visit us Telkom University
