Multi-Factor Authentication Best Practices

One of Aspire’s key focuses is to share advice and guidance on staying protected against the latest cyber security threats. That’s why our team pro-actively reviews emerging and active threats, to help keep organisations informed.

In our latest assessment, we identified a growing trend of cyber criminals targeting valuable user credentials. In order to protect your organisation, here’s our advice on ensuring your credentials stay secure with the use of Multi-Factor Authentication (MFA) on Microsoft 365.

Multi-Factor Authentication Best practices…and Why They Matter

As part of our ongoing reviews, we have identified a concerning and persistent trend in which threat actors are employing various methods such as Phishing Attacks and Brute Force attacks to harvest Microsoft 365 credentials. These details are being acquired for further malicious use or selling stolen credentials on the dark web.

These compromised credentials can be used for unauthorised access to into your business, with criminals using remote access solutions such as Remote Desktop, Citrix and VPN’s.

To address this issue and enhance your security, we strongly recommend implementing Multi-Factor Authentication (MFA) on Microsoft 365, VPN & any remote desktop access solution.

In the coming weeks, Microsoft will be enforcing MFA on all of its services. While this is a good thing; this will be the default settings and here at Aspire we have worked with our customers and partners to design a strong set of policies to keep them secure and help them manage a steadier rollout.

Real-world Case

In a recent case, malicious actors used a phishing attack against an organisation’s mail service, hosted on Microsoft 365. Through this attack several users’ passwords were harvested.

From there, the attackers used readily available tools to find the web addresses for a VPN and Remote Desktop Access service, and where able to use these credentials to gain remote access into the organisations internal infrastructure. Once connected inside they were able to gain administrative access and extract data then encrypt the systems to hold the data at ransom.

As a result, agencies and the organisations’ customers had to be informed of the breach, impacting customer, partner and supplier confidence.

The implementation of Multi-Factor Authentication could have prevented this malicious access into the infrastructure, keeping the data safe from extraction.

How can you implement MFA?

Aspire recommends the following measures are implemented, to help improve and enhance your infrastructure security and access. If you are an Aspire customer please reach out to your Service Account Manager to discuss the next steps and if there are any requirements to be considered before implementing. If you would like to discuss how Aspire can help, visit our contact page, where we will be happy to provide further advice.

Microsoft 365

• Enforce MFA on all user accounts,
  • Require reauthentication every 14 days,
  • Block access from non-corporate business locations,
    • Disable legacy authentication with Microsoft 365,
    • Allow single sign-on from corporate locations.
    • Implementation of user-training tools that provide phishing simulation.

VPN

• Enforce MFA for all users connecting externally,
• Require MFA on every new and reconnecting session,
• Block connections inbound from known malicious countries.

RDS, Citrix, Azure & Windows 365

• Enforce MFA for all users connecting externally,
• Require MFA on every new and reconnecting session,
  Block connections inbound from known malicious countries.

Contact us if you need further assistance

Your security is our priority, and we remain committed to working with you to keep your business safe from potential threats. If you have any questions or would like to discuss this further, please don’t hesitate to reach out to us.