Select Page

Cyber threats are real, and organizations are taking proactive security measures on how to make users more secure.  We will outline a few steps every organization should take to increase their cyber security position.

Users of Microsoft Exchange are normally authenticated through two sites, a front end and a back end.  The Delegated Authentication feature leaves authentication purely to the server.  ProxyToken must include a SecurityToken cookie in an authentication request to use this feature. Because of default settings, the attacker’s requests bypass the authentication process.

Here are a few steps companies can take to reinforce their user authentication procedures in light of this and similar threats.

How do you monitor user behaviour?

A username and password should not be sufficient for user authentication when using any technology. These traditional measures are insufficient and cannot proactively protect against cyber attacks that bypass authentication steps. User behaviour monitoring is one helpful measure.

Each user’s typical behaviour can be established through ongoing monitoring.  Organizations can use this information to implement behavioural cyber security biometrics.  This authenticates individuals by monitoring their use patterns. A red flag will be raised for abnormal user behaviour such as configuring someone else’s inbox using a proxy cyber attack.

Monitoring user permissions is also very important of a zero-trust cyber security policy.  This is built on contextual permissions to identify and address cyber attacks as these proactive measures go beyond traditional user authentication. This will help make users more secure.

What is multi-factor authentication?

Multi-factor authentication (MFA) also known as two-factor authentication (2FA) is another crucial step.  A password or another type of authentication method is vulnerable to cyber attacks.  This way, a cyber attacker cannot exploit any one method to infiltrate your IT infrastructure even if they get past other cyber security steps.

As mentioned above, ProxyToken may begin as an account compromise cyber attack, which Microsoft itself emphasizes is possible via multi-factor authentication (MFA).  In addition to its effectiveness, two-factor authentication (2FA) is also inexpensive and easy to implement, which makes it an ideal security measure. This will help make users more secure.

How do I restrict users?

Organizations need to work with their IT department or managed IT services provide to under the difference between user authentication and user authorization as they are not the same.  Even though a cyber-attacker may bypass authentication using a cyber attack such as ProxyTokens or a similar method, tighter user controls can still prevent damage.

User authentication verifies is a user is who they claim they are when signing into a network. User authorization is what a user functions can be performed due to the limitations imposed by restricted user authorization protocols.  If a hacker bypasses this authentication stage, a cyber-attacker will still have limited access, minimizing the level of destruction possible to you network.

How do I keep software updated?

This is a step in proactive management that organizations are aware of however most organizations do not know how and if it is done properly by their IT department or managed IT services provider.  Organizations need to remember to keep their software up to date.  Unfortunately, ProxyToken cyber security threat was discovered by IT security researchers in March, but organizations had to wait until July for Microsoft to release a patch.  These cyber attacks can be prevented by updating the Exchange server software.

Software updates are critical however many organizations fail to update their software, leaving them vulnerable to cyber attacks.  Unpatched cyber security vulnerabilities have caused data breaches in approximately 33 percent of all global businesses.  Organizations need to enable automatic updates and monitoring for vulnerabilities to proactively prevent a significant amount of possible cyberattacks.

What user authentication protocols should I use?

Cyber security systems are constantly being challenged and beat-in by cybercriminals through methods such as ProxyToken.  Organizations must become more proactive in the fight against cyber security threats, including strengthening user authentication protocols as threats grow.

Organizations must review their IT infrastructure setup, polices, and procedures as there must be more to user authentication than just usernames and passwords.  Cybercriminals are sophisticated and organizations need to use a multi layered approach to stopping them including Multi-factor authentication (MFA), two-factor authentication (2FA), and continuous network monitoring.

How to make users more secure?  It is not possible for businesses to eliminate cyber security threats but by tightening user authentication and user authorization.