Mitigating the NOBELIUM FoggyWeb threat with HSMs – Security Boulevard

Last week, Microsoft published news about FoggyWeb, another sophisticated persistent backdoor designed to steal credentials and compromise the contents of Microsoft AD FS servers. The malware is believed to be associated with Nobelium, a group of suspected state-sponsored hackers believed responsible for the devastating SolarWinds hack.
Microsoft's Active Directory Federation Services (AD FS) enables federated identity and access management by securely sharing digital identity and entitlement rights across security and enterprise boundaries. It enables single sign-on, within a security or enterprise boundary, to web applications, allowing organizations to offer a seamless user experience when users access their applications online. In short, it helps support web service interoperability between a range of cloud-based products including Gmail and Office 365.
Microsoft has already notified all customers that it has observed being targeted by the malware. In addition, it has published a detailed analysis of the malware and mitigating actions organizations can deploy. It also makes a number of recommendations:
Microsoft's recommendation 3 is a reminder of the value a high-assurance root of trust, in the form of a Hardware Security Module (HSM), can bring to AD FS and many other IT deployments. An HSM is a robust, certified, tamper-resistant device used to perform cryptographic operations, such as generating and signing cryptographic keys, in a protected environment that is resilient to attack from malware and other exploits. Microsoft recommends that the token-signing certificates which give access to federated resources are protected in an HSM. The security tokens signed with them underpin the security of the AD FS system, since they provide the mechanism by which partners can verify the authenticity and authorisation of a request. Generating and storing cryptographic keys in dedicated hardware devices has been best practice for more than 20 years now. Surprisingly, there are organizations that still unwittingly store their cryptographic keys on servers, leaving them exposed to theft by bad actors.
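To check where the token-signing keys actually live on an AD FS server, the PowerShell audit below reports the key storage provider behind each token-signing certificate. It is an added example, not code from Microsoft or Entrust; the function name `Get-TokenSigningKeyStorage` and the list of providers treated as software-only are assumptions made for illustration.

```powershell
# Added example: report where each AD FS token-signing private key lives.
# Run elevated on an AD FS server; uses the ADFS module cmdlets.
Import-Module ADFS

# Assumption: these built-in Microsoft providers keep keys in software on the server.
$SoftwareProviders = @(
    'Microsoft Software Key Storage Provider',
    'Microsoft Enhanced RSA and AES Cryptographic Provider',
    'Microsoft Enhanced Cryptographic Provider v1.0',
    'Microsoft Strong Cryptographic Provider',
    'Microsoft RSA SChannel Cryptographic Provider'
)

function Get-TokenSigningKeyStorage {
    # With automatic rollover, AD FS generates and manages the
    # self-signed signing certificates itself.
    $auto = (Get-AdfsProperties).AutoCertificateRollover

    foreach ($entry in Get-AdfsCertificate -CertificateType Token-Signing) {
        $provider = $null; $exportable = $null
        $path = "Cert:\$($entry.StoreLocation)\$($entry.StoreName)\$($entry.Thumbprint)"
        $cert = Get-Item -Path $path -ErrorAction SilentlyContinue

        if (-not $auto -and $cert -and $cert.HasPrivateKey) {
            $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
            if ($rsa -is [System.Security.Cryptography.RSACng]) {
                $provider   = $rsa.Key.Provider.Provider
                $exportable = $rsa.Key.ExportPolicy -ne 'None'
            } elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
                $provider   = $rsa.CspKeyContainerInfo.ProviderName
                $exportable = $rsa.CspKeyContainerInfo.Exportable
            }
        }

        $finding = if ($auto) { 'AD FS-managed key (AutoCertificateRollover on)' }
                   elseif (-not $provider) { 'Private key not readable from store' }
                   elseif ($SoftwareProviders -contains $provider) { 'Software key on server' }
                   else { 'Non-software provider: confirm it is the HSM' }

        [pscustomobject]@{
            Thumbprint = $entry.Thumbprint; IsPrimary = $entry.IsPrimary
            Provider   = $provider;         Exportable = $exportable
            Finding    = $finding
        }
    }
}

Get-TokenSigningKeyStorage | Format-Table -AutoSize
```

A provider name outside the software list only shows that the key is not held by a built-in Microsoft software provider; compare it against the provider name your HSM vendor documents before treating the key as hardware-protected.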
Entrust offers a range of nShield HSMs in varying form factor, performance and certification status to suit an organization's needs, as well as a full portfolio of cybersecurity infrastructure solutions, including security posture management and securing user identities and access. To learn more visit:
The post Mitigating the NOBELIUM FoggyWeb threat with HSMs appeared first on Entrust Blog.
*** This is a Security Bloggers Network syndicated blog from Entrust Blog authored by Iain Beveridge. Read the original post at: