Microsoft Warns of Escalating Attacks Targeting Azure Blob Storage

Microsoft is warning IT administrators about an increase in attacks aimed at Azure Blob Storage, saying threat actors are taking advantage of exposed credentials, weak access controls and misconfigurations to gain access to sensitive cloud data.

In a post published this week, the Microsoft Threat Intelligence team said attackers are exploiting common setup mistakes in Azure's object storage service, which is used by many organizations to store data for analytics, AI workloads and backups.

"Blob Storage, like any object data service, is a high-value target for threat actors due to its critical role in storing and managing massive amounts of unstructured data at scale across diverse workloads," Microsoft said.

According to the company, these attacks often begin with reconnaissance. Attackers scan for storage accounts with open endpoints or predictable names. Once they find a target, they try to break in using shared access signatures (SAS), stolen keys or accounts with overly broad permissions. After gaining access, attackers can remain in the environment, steal data or even take control of the entire storage account.

"Theoretically, a threat actor could attempt to exploit blob-triggered Azure Functions using Event Grid that process files in storage containers, or Azure Logic Apps that automate file transfers from external sources like FTP servers, to gain entry to downstream workflows linked to Azure Storage -- if those workflows rely on misconfigured or insufficiently secured authentication mechanisms," Microsoft wrote. Such attacks could lead to large-scale data theft, corruption or deletion, along with the compromise of

To help reduce these risks, Microsoft said it has upgraded its cloud security tools to better detect and respond to suspicious behavior. Its Defender for Storage service, which is part of Microsoft Defender for Cloud, can spot suspicious access patterns and automatically scan new or changed files for malware.

The company also stressed the need for strong encryption and network separation. All Azure Storage data is automatically encrypted with 256-bit AES, and organizations can use private endpoints to limit who can reach their storage resources.

The company advised enterprise customers to:

  • Use role-based access control to enforce least privilege and avoid unrestricted SAS tokens.
  • Enable Defender for Storage to detect and alert on suspicious behavior.
  • Implement logging, auditing and key rotation to maintain account integrity.
  • Restrict public network access and enforce secure transfer requirements.

The company also recommends that enterprise IT teams lower their risk by tightening access permissions and keeping constant watch for unusual activity. It added that securing object storage is now a critical part of protecting enterprise cloud systems.
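To illustrate the advice on avoiding unrestricted SAS tokens and enforcing secure transfer, the following Python sketch is an added example (not code from Microsoft or this article) that audits SAS URLs found in your own configuration files or repositories by reading the standard SAS query parameters (`se`, `st`, `spr`, `sip`, `sp`, `srt`). The 24-hour lifetime threshold, the account name `examplestore`, the finding codes and both sample URLs are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

MAX_LIFETIME = timedelta(hours=24)  # assumed policy threshold; choose your own
MUTATING = set("acwdxy")  # add, create, write, delete, delete version, permanent delete

# Constructed sample URLs (placeholder account and signature, not real tokens).
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
BROAD = ("https://examplestore.blob.core.windows.net/?sv=2022-11-02&ss=bfqt&srt=sco"
         "&sp=rwdlacup&se=2030-01-01T00:00:00Z&spr=https,http&sig=CONSTRUCTED")
TIGHT = ("https://examplestore.blob.core.windows.net/reports/q1.csv?sv=2022-11-02"
         "&sr=b&sp=r&st=2025-01-01T00:00:00Z&se=2025-01-01T01:00:00Z"
         "&spr=https&sip=203.0.113.10&sig=CONSTRUCTED")

def _utc(value):
    """Parse an ISO 8601 SAS timestamp (st/se) as an aware UTC datetime."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def audit_sas(url, now):
    """Return 'CODE: detail' findings for one SAS URL; an empty list means none."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in q:
        return ["NOT_SAS: no sig parameter in URL"]
    findings = []
    if "se" not in q:
        findings.append("NO_EXPIRY: no se in token; check the stored access policy")
    else:
        start = _utc(q["st"]) if "st" in q else now
        lifetime = _utc(q["se"]) - max(start, now)  # remaining validity window
        if lifetime > MAX_LIFETIME:
            findings.append(f"LONG_LIVED: valid for another {lifetime.days} days")
    if q.get("spr", "https,http") != "https":  # an absent spr permits HTTP as well
        findings.append("HTTP_ALLOWED: spr does not restrict the token to HTTPS")
    if "sip" not in q:
        findings.append("NO_IP_LIMIT: no sip source address restriction")
    risky = sorted(MUTATING & set(q.get("sp", "")))
    if risky:
        findings.append("MUTATING_PERMS: sp grants " + "".join(risky))
    if "srt" in q:  # srt appears only on account-level SAS tokens
        findings.append(f"ACCOUNT_SCOPE: account SAS, ss={q.get('ss')} srt={q['srt']}")
    return findings

if __name__ == "__main__":
    for name, url in (("BROAD", BROAD), ("TIGHT", TIGHT)):
        print(name, audit_sas(url, NOW) or "no findings")
```

A token that passes these checks can still be over-scoped for its purpose, so the output is a triage list rather than a verdict.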

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.
