Exploring Azure Active Directory Attack Surface : Enumerating Authentication Methods with Open-Source Intelligence Tools
Syynimaa, N. (2022). Exploring Azure Active Directory Attack Surface : Enumerating Authentication Methods with Open-Source Intelligence Tools. In J. Filipe, M. Smialek, A. Brodsky, & S. Hammoudi (Eds.), ICEIS 2022 : Proceedings of the 24th International Conference on Enterprise Information Systems : Volume 2 (pp. 142-147). SCITEPRESS Science And Technology Publications. https://doi.org/10.5220/0011077100003179
Tekijät
Päivämäärä
2022Tekijänoikeudet
© 2022 by SCITEPRESS – Science and Technology Publications, Lda.
Azure Active Directory (Azure AD) is Microsoft’s identity and access management service used globally by 90 per cent of Fortune 500 companies and many other organisations. Recent attacks by nation-state adversaries have targeted these organisations by exploiting known attack vectors. In this paper, open-source intelligence (OSINT) is gathered from organisations using Azure AD to explore the current attack surface. OSINT is collected from Fortune 500 companies and top 2000 universities globally. The collected OSINT includes authentication methods used by the organisation and the full name and phone number of the primary technical contact. The findings reveal that most organisations are using Azure AD and that majority of these organisations are using authentication methods exploited during the recent attacks by nation-state adversaries.
Julkaisija
SCITEPRESS Science And Technology PublicationsEmojulkaisun ISBN
978-989-758-569-2Konferenssi
International Conference on Enterprise Information SystemsKuuluu julkaisuun
ICEIS 2022 : Proceedings of the 24th International Conference on Enterprise Information Systems : Volume 2ISSN Hae Julkaisufoorumista
2184-4992Asiasanat
Julkaisu tutkimustietojärjestelmässä
https://converis.jyu.fi/converis/portal/detail/Publication/144287611
Metadata
Näytä kaikki kuvailutiedotKokoelmat
Lisenssi
Samankaltainen aineisto
Näytetään aineistoja, joilla on samankaltainen nimeke tai asiasanat.
-
Anomaly detection approach to keystroke dynamics based user authentication
Ivannikova, Elena; David, Gil; Hämäläinen, Timo (IEEE, 2017)Keystroke dynamics is one of the authentication mechanisms which uses natural typing pattern of a user for identification. In this work, we introduced Dependence Clustering based approach to user authentication using ... -
On Attacking Future 5G Networks with Adversarial Examples : Survey
Zolotukhin, Mikhail; Zhang, Di; Hämäläinen, Timo; Miraghaei, Parsa (MDPI AG, 2023)The introduction of 5G technology along with the exponential growth in connected devices is expected to cause a challenge for the efficient and reliable network resource allocation. Network providers are now required to ... -
IoT -based adversarial attack's effect on cloud data platform services in a smart building context
Vähäkainu, Petri; Lehto, Martti; Kariluoto, Antti (Academic Conferences International, 2020)IoT sensors and sensor networks are widely employed in businesses. The common problem is a remarkable number of IoT device transactions are unencrypted. Lack of correctly implemented and robust defense leaves the organization's ... -
Adversarial Attack’s Impact on Machine Learning Model in Cyber-Physical Systems
Vähäkainu, Petri; Lehto, Martti; Kariluoto, Antti (Peregrine Technical Solutions, 2020)Deficiency of correctly implemented and robust defence leaves Internet of Things devices vulnerable to cyber threats, such as adversarial attacks. A perpetrator can utilize adversarial examples when attacking Machine ... -
“The law that mandates us is stronger than the consumer's rights” : what are the decisions related to authentication method selection?
Tonteri, Heidi (2023)Loppukäyttäjän tunnistusmenetelmien valinnalle on olemassa erilaisia viitekehyksiä, mutta yksikään niistä ei ota kantaa organisaation näkökulmaan turvalliseen ohjelmistokehitykseen liittyen. Tutkimuksen tarkoituksena oli ...
Ellei toisin mainittu, julkisesti saatavilla olevia JYX-metatietoja (poislukien tiivistelmät) saa vapaasti uudelleenkäyttää CC0-lisenssillä.