White-listing Azure cloud connections to grease your Office 365 wheels? About that...

www.theregister.co.uk | 1/23/2019 | Staff

Microsoft has been accused of ignoring an IT security risk that could be exploited to create legit-looking malware-laden webpages that sport seemingly trusted Azure and Office 365 domain names. Alternatively, the domains potentially could be used to stealthily leak stolen data from networks.

It's not a world-shattering threat by a long shot, though if you're a sysadmin – and we know a good bunch of you are – it's quite possibly something to bear in mind when configuring your network security, proxy boxes, and gateways.

Software developer Patrick Dwyer reckons anyone with an Azure subscription can, or at least could at time of writing, register a *.azureedge.net or *.blob.core.windows.net address, such as the convincing tokyo-1-mail-server.azureedge.net. These can be pointed at arbitrary content. For example, Dwyer created patros-issue-233.azureedge.net/index.html and patrosissue233.blob.core.windows.net/index/index.html to prove his point...

And here's where it gets a bit unfortunate: Microsoft encourages organizations to white-list and perhaps even prioritize Office 365 connections by identifying and green-lighting traffic to and from these cloud-based endpoints, and these endpoints include gems like mlccdnprod.azureedge.net and *.blob.core.windows.net. Microsoft publishes a full endpoint list for its worldwide customers, for example.

Thus it is possible for someone to request and obtain their own custom blahblahblah.blob.core.windows.net domain, host bad things on it, such as malware and spear-phishing pages, and watch a corporate firewall allow a victim's PC to connect to it, via an email or other link, because *.blob.core.windows.net has been white-listed for Office 365. If a netadmin has white-listed all of azureedge.net, then that's another way in. This is all according to Dwyer.
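To make the allow-list problem concrete, here is a small audit script, added for this article and not code from The Register, Patrick Dwyer or Microsoft. It checks a proxy egress allow-list for wildcard rules whose parent domain is one anyone with an Azure subscription can create subdomains under (the two parents named above, blob.core.windows.net and azureedge.net), then replays a few constructed proxy-log lines to show which destinations got through only because of such a rule and how much data went to them. The rule syntax, log format, the inventory of "known" Office 365 hosts and every hostname other than those two parents are constructed assumptions.

```python
"""Audit a proxy egress allow-list for wildcard rules that admit Azure hostnames
anyone with a subscription can register, and show which logged destinations
got through only because of such a rule.

Added example for this article; not code from The Register, Patrick Dwyer or
Microsoft. Rule syntax, log format and every hostname below are constructed
assumptions, except the two parent domains the article names.
"""
from collections import defaultdict

# Parent domains under which any Azure subscriber can create a subdomain
# (storage accounts and CDN endpoints). Illustrative, not an exhaustive list.
MULTI_TENANT_PARENTS = ("blob.core.windows.net", "azureedge.net")

# Constructed allow-list in the common "exact host or *.parent" syntax.
RULES = [
    "outlook.office365.com",
    "mlccdnprod.azureedge.net",
    "*.blob.core.windows.net",
    "*.azureedge.net",
]

# Constructed inventory of the Office 365 endpoints the organisation needs.
KNOWN_HOSTS = {"outlook.office365.com", "mlccdnprod.azureedge.net"}

# Constructed proxy log: timestamp, client, destination host, bytes sent.
LOG = """\
2019-01-23T10:02:11 10.0.0.12 mlccdnprod.azureedge.net 8120
2019-01-23T10:02:15 10.0.0.12 outlook.office365.com 2210
2019-01-23T10:03:40 10.0.0.31 tokyo-1-mail-server.azureedge.net 4090
2019-01-23T10:04:02 10.0.0.31 patrosissue233.blob.core.windows.net 119304
2019-01-23T10:04:09 10.0.0.31 patrosissue233.blob.core.windows.net 131072
2019-01-23T10:05:00 10.0.0.44 updates.example.com 512
"""


def rule_matches(rule, host):
    """True if an allow-list rule admits host. '*.parent' matches any host
    strictly below parent (at any depth) but not parent itself."""
    rule, host = rule.lower().rstrip("."), host.lower().rstrip(".")
    if rule.startswith("*."):
        return host.endswith("." + rule[2:])
    return rule == host


def is_risky_wildcard(rule):
    """A wildcard is risky when its parent is, or contains, a multi-tenant
    Azure domain: '*.blob.core.windows.net', '*.azureedge.net' and broader
    rules such as '*.windows.net' all let a stranger's subdomain through."""
    if not rule.startswith("*."):
        return False
    parent = rule[2:].lower().rstrip(".")
    return any(mt == parent or mt.endswith("." + parent)
               for mt in MULTI_TENANT_PARENTS)


def risky_wildcards(rules):
    """All rules in the allow-list that is_risky_wildcard flags."""
    return [r for r in rules if is_risky_wildcard(r)]


def admitting_rule(rules, host):
    """First rule that admits host, or None if the proxy would block it."""
    for rule in rules:
        if rule_matches(rule, host):
            return rule
    return None


def review_log(log_text, rules, known_hosts):
    """Return {host: {"rule": rule, "bytes": total}} for destinations that
    were admitted only by a risky wildcard and are not in the inventory."""
    findings = defaultdict(lambda: {"rule": None, "bytes": 0})
    for line in log_text.splitlines():
        _ts, _client, host, sent = line.split()
        if host.lower() in known_hosts:
            continue
        rule = admitting_rule(rules, host)
        if rule and is_risky_wildcard(rule):
            findings[host]["rule"] = rule
            findings[host]["bytes"] += int(sent)
    return dict(findings)


if __name__ == "__main__":
    for rule in risky_wildcards(RULES):
        print(f"risky allow-list rule: {rule}")
    for host, f in review_log(LOG, RULES, KNOWN_HOSTS).items():
        print(f"{host}: admitted by {f['rule']}, {f['bytes']} bytes out")
```

Run against the constructed data it flags both wildcard rules, and reports tokyo-1-mail-server.azureedge.net and patrosissue233.blob.core.windows.net as destinations reached only through them, with the byte counts that would matter if the second one were an exfiltration drop. The practical fix the audit points at is to replace each wildcard with the specific hostnames from Microsoft's published endpoint list, and to treat any other traffic to these parents as ordinary, inspectable Internet traffic.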

We appreciate that you may have defenses in place to stop exploit kits, malware, phishing pages, and other nasties from being fetched and opened on workstations, of course, quite apart from blocking malicious Azure sub-domains.

Additionally, we're told the trusted domains could potentially be used by network intruders and rogue employees to covertly move...
(Excerpt) Read more at: www.theregister.co.uk