Posted by Anne-Marie Avalon
July 17, 2023
As reported by Microsoft in June, the Storm-0558 hack is a stark reminder of the constant cyber threats businesses face in this digital age. In this detailed post, “Storm-0558: Cryptographic Keys and Akeyless Defense,” we’ll unfold the story behind Storm-0558, demystify the importance of cryptographic keys, and demonstrate how they became a linchpin in the hack.
Along the way, we’ll introduce you to Akeyless’ technology and how its groundbreaking approach to Secrets Management provides the needed shield against today’s cyber attacks.
Understanding the Storm-0558 Hack
On June 16, 2023, Microsoft initiated an investigation into suspicious email activity reported by customers. Through their investigation, it was discovered that starting from May 15, 2023, the hacker group Storm-0558 managed to infiltrate the email data of around 25 organizations and consumer accounts linked to these organizations. This breach occurred by utilizing counterfeit authentication tokens and exploiting a Microsoft account (MSA) consumer signing key that had been acquired by the hackers.
Here’s How The Storm-0558 Attack Happened
Initially, the hackers illicitly procured a Microsoft consumer signing key, which is typically used for signing tokens granting access to Microsoft cloud services. Exploiting the stolen key, they unethically generated their own authentication tokens. This deceptive act facilitated their impersonation of legitimate users, granting them unauthorized entry into their email accounts. In their illicit incursion, they siphoned off unclassified email data from unsuspecting accounts.
Who is Storm-0558?
The China-based hacker group, Storm-0558, directs its efforts towards espionage. It has connections to several high-profile attacks, notably the breach of the State Department’s email system in 2022.
Storm-0558’s interest likely lies in gathering government policy details, military capabilities, and economic secrets. They could leverage this information to provide China an upper hand in negotiations, military planning, or economic competition.
This group is a threat because they have the ability to access sensitive information and use it for malicious purposes. They have also shown that they are willing to target high-profile organizations, which means that they could pose a serious threat to national security.
An unprecedented hack into Microsoft
Andy Greenberg from Wired quotes Jake Williams, a former NSA hacker who now teaches at the Institute for Applied Network Security in Boston saying, “We put trust in passports, and someone stole a passport-printing machine. For a shop as large as Microsoft, with that many customers impacted—or who could have been impacted by this—it’s unprecedented.”
Let’s break down why this is unprecedented, and a threat, by understanding why cryptographic keys such as consumer signing keys are critical in the cybersecurity chain and how you can prevent this from happening to your enterprise.
Understanding Cryptographic Keys and their Importance
Consumer signing keys and signing keys are types of cryptographic keys, used to authenticate and secure digital information.To understand why consumer signing keys are so important, it’s important to first understand signing keys and how they work.
Signing keys operate within a cryptographic system that relies on asymmetric key pairs: a public key and a private key. The private, securely held signing key digitally signs tokens or other data to confirm their untampered origin from a trusted source. Subsequently, validation of the signature happens through the public key.
Consumer signing keys perform the task of verifying the authenticity of software installed on a device. When a user installs new software, the device verifies that the software’s signature comes from a trusted key. The device installs the software with a valid key and blocks it when the key is invalid.
Introduction to Consumer Signing Key Hacks
If a hacker is able to gain access to the consumer signing key for that device, they can create and install their own malicious software that will be accepted as legitimate by the device.
This is why consumer signing key hacks are so dangerous. If an attacker is able to compromise the signing key for a popular device, they can potentially infect thousands or even millions of devices with malware. This can lead to devastating consequences for both consumers and businesses.
Read more: Encryption & Key Management Overview
Storm-0558 Fallout: Impact on Organizations
The Storm-0558 attack had far-reaching implications, particularly for government agencies and other targeted organizations. The full scope and fallout of the breaches are still being assessed. However, it is reported that US government agencies, including the State Department, were among the targets. This breach raises concerns about the potential compromise of sensitive government information and highlights the need for heightened security measures.
Cryptographic key theft can carry severe consequences for businesses and organizations. These range from the loss of sensitive data to financial setbacks, reputational harm, and even potential legal repercussions.
The gravity of this issue is further emphasized when we consider data from IBM’s 2022 Cost of a Data Breach report. This research reveals the average cost of a data breach in the U.S. to be a staggering $9.44 million, a figure that is more than double the global average of $4.35 million.
Such numbers underscore the critical importance of robust cybersecurity measures for businesses and organizations. Which leads us to the importance of understanding why modern solutions such as Akeyless Secrets Management are built to protect organizations from today’s threats and financial disasters.
How Akeyless Protects Against Espionage Attacks and Similar Threats
These are the tactics employed by Akeyless to counteract espionage attacks and similar threats:
The system manages keys in a single, secure hub. This includes essential signing and encryption keys, thus deterring hacker intrusion. Only systems and users validated by Akeyless can access these keys.
By embracing the least-privilege access principle, Akeyless ensures users have only the essential access needed for their tasks. It reduces potential for damage, whether accidental or malicious. The Role-Based Access Control (RBAC) functionality of Akeyless further reinforces this by defining secret access levels for specific machines and individuals.
Akeyless employs Just-in-Time temporary secrets to tackle the security risk of standing privileges. As required, the system generates these secrets which expire after use, minimizing unauthorized access opportunities.
To minimize the potential damage from secret leaks or thefts, Akeyless rotates secrets, such as keys, automatically and regularly. This function works seamlessly across a wide range of environments, including both cloud and on-premise setups.
Akeyless supports real-time monitoring to quickly detect and mitigate potential threats. Additionally, it keeps comprehensive audit trails, providing detailed logs of all activities. Any suspicious behavior is swiftly spotted and addressed. Akeyless even provides SIEM integration for easy log exporting.
Secured Encryption through Distributed Fragments Cryptography (DFC)™
Akeyless uses DFC™ technology to split encryption keys into separate fragments and store them in various locations. The complete key never comes together, rendering it nearly unhackable. Even during a breach, if a fragment is compromised, the full key stays safe, preserving data security.
Akeyless’ DFC™: Revolutionizing Encryption Security
Pushing the envelope in security, Akeyless’ Distributed Fragments Cryptography (DFC)™ turns encryption keys into enigmatic puzzles. With keys split and scattered across multiple locations, a complete key never resides in a single, vulnerable place. Even if a fragment falls into the wrong hands, it’s a useless piece of a much larger cipher.
Furthermore, Akeyless doesn’t hold onto these fragments. They’re independently and dynamically rotated, fortifying the integrity of your encryption keys even further. This is no standard Shamir’s Secret Sharing (SSS); it’s a leap ahead. In the labyrinth of Akeyless’ architecture, the full key never coexists, making it a fortress against conventional hacking methods. Akeyless doesn’t merely manage your secrets; it actively shields them with pioneering, nearly impenetrable security.
All these features collectively enhance security, minimize vulnerabilities, and enable effective detection and response to potential threats. By leveraging Akeyless DFC™ and Secrets Management features, organizations can fortify their defenses and mitigate the risks posed by espionage attacks and other similar threats.
Additional Guidance form CISA and the FBI
CISA and the Federal Bureau of Investigation (FBI) are releasing a joint Cybersecurity Advisory to provide guidance to critical infrastructure organizations on enhancing monitoring of Microsoft Exchange Online environments. Read here for the AA23-193A Enhanced Monitoring to Detect APT Activity Targeting Outlook.
The Storm-0558 hack serves as a stark reminder of the ongoing cyber threats faced by businesses today. The breach highlighted the significance of cryptographic keys and their role in securing sensitive data. However, amidst these challenges, Akeyless emerges as a reliable solution for fortifying businesses against similar threats.
Akeyless’s innovative approach to secrets management, featuring tools like Distributed Fragments Cryptography™ provides a robust shield against cyber attacks. By implementing stringent access controls and robust key isolation, Akeyless can ensure the protection of consumer signing keys.
In the words of Richard Barretto the CISO and VP of Progress Chef, Akeyless allows customers to maintain exclusive ownership of their keys, reducing risks associated with relinquishing control to unauthorized entities. Its optimal balance of security, affordability, scalability, and ease of use makes it the go-to solution for organizations.
Discover how Akeyless can safeguard your secrets without the pain and expense of existing solutions. Contact us today or request a personalized demo to experience the power of Akeyless in securing your cryptographic keys and protecting your business from cyber threats.
DevOps InfoSecLearn why secret rotation is crucial, the challenges faced, and best practices for both manual and automated rotations.
What is Just In Time (JIT) Access Management?Explore the transformative power of Just in Time (JIT) Access Management in enhancing cybersecurity and streamlining operations. Learn its types, benefits, and best practices.
Why Open Source Based Vaults Will Be Left BehindThe origins of Vaultless™ Secrets Management and why Vaults based on legacy open-source code are being left behind.