Spray and pray: That’s the modus operandi behind the latest successful attack against Microsoft, which resulted in the compromise of the company’s email systems. The attackers reportedly got in through an old testing environment, which seemingly had no multi-factor authentication (MFA) to stop them.
Lesson learned: Just because it’s not a production system doesn’t mean it can’t be used as an avenue to get into your production systems. Threat models? MFA? It all matters.
*** This is a Security Bloggers Network syndicated blog from AppSec Observer authored by David Lindner, Director, Application Security. Read the original post at: https://www.contrastsecurity.com/security-influencers/cybersecurity-insights-with-contrast-ciso-david-lindner-10/20-0-0-0-0-0-1-0-0-0-0