CrowdStrike released a free cybersecurity tool: CrowdStrike Reporting Tool for Azure
In mid-December 2020, Microsoft notified CrowdStrike that a compromised account belonging to an unnamed Microsoft Azure reseller was being used in an attempt to read CrowdStrike emails. To prevent such actions in the future and to enable company administrators to analyse access rights to Microsoft Azure themselves, CrowdStrike has released its own free CrowdStrike Reporting Tool for Azure.
Microsoft determined that a few months ago, the Microsoft Azure reseller account, used to manage CrowdStrike's Microsoft Office licenses, made suspicious calls to Microsoft cloud APIs for 17 hours.
“An attempt was made to read the e-mail, which failed, which is confirmed by Microsoft. The fact is that CrowdStrike does not use Office 365 email,” wrote the company’s specialists last week.
In turn, Microsoft representatives told Reuters that the attack was carried out by attackers who stole credentials from a Microsoft reseller account and was not associated with any vulnerabilities in products or cloud services.
The two companies also stressed that the incident was not related to the recent compromise of SolarWinds and the spy operation that followed the hack.
Upon learning of the attempted attack, CrowdStrike experts analyzed their Azure environment and concluded that it had not been compromised. However, in their analysis, researchers found it extremely difficult to use Azure administration tools to identify the privileges assigned to third-party resellers.
“It was very difficult for us, since many of the steps required for our investigation were not documented, it was not possible to audit using the API, and to view important information, we required global administrator rights, which we considered excessive. Key information should be easily accessible,” the company writes.
To help administrators who find themselves in the same position (who need to analyze the Microsoft Azure environment and find out what rights are granted to third-party resellers and partners), CrowdStrike created and released its own free CrowdStrike Reporting Tool for Azure. This tool will analyze your Azure environment and generate a comprehensive report with all the information you need.