Security: Back to Basics in 2024


            By Nick Hyatt Director of Threat Intelligence at Blackpoint Cyber



            New year, new you, right? Every year when the ball drops in Times Square, we make (perhaps slightly
            drunken) resolutions to improve our lives. Eat right, join that gym – it all sounds good until we make it
            halfway through February and we’ve reverted to our old habits because the time just got away from us.
            Just like in our personal lives, we often revert to old habits with security, too. I get it, security is hard! With
            the constant barrage of vulnerabilities, incidents, and day-to-day firefighting, even the most efficient and
            experienced security team can be hard-pressed to keep up. There are ways to improve your security
            posture without breaking the bank, buying a new tool, or even doing anything beyond the basics. Sounds
            too good to be true, right? Stick with me.

            The first few months of the year have brought with them some concerning stories. In January, Microsoft
            disclosed further details of the attack they suffered from the Midnight Blizzard threat actor. Midnight
            Blizzard is a Russia-aligned threat actor – they’re no slouches. You would think the attack they pulled on
            Microsoft would be some sort of incredibly spooky zero-day malware, right? Not in this case. Microsoft
            had a  legacy system  out  in  a  tenant  that  had a  simple password  and  no  multi-factor  authentication
            present, which allowed Midnight Blizzard to compromise the account and pivot internally.




            Cyber Defense eMagazine – March 2024 Edition                                                                                                                                                                                                          166
            Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.