Microsoft aims to improve anti-phishing MFA for White House 'zero trust' push

Microsoft has laid out some key documents for federal agencies to use as they implement the White House’s ‘zero trust’ goals within the new US cybersecurity strategy.

In January, the Biden Administration released its new cybersecurity strategy following President Biden’s May 2021 executive order (EO 14028), signed in the wake of the SolarWinds software supply chain attack and ransomware attacks on critical infrastructure like Colonial Pipeline.

ZDNet Recommends

Core to that strategy are ‘zero trust’ architectures, for which US tech and cybersecurity vendors were canvassed for suggestions by the US National Institute of Standards and Technology (NIST), specifically about how to protect software supply chains from attack. Zero trust assumes breach and that basically nothing should be trusted.

SEE: Cybersecurity: Let’s get tactical (ZDNet special report)

But even as supply chains are targeted, email phishing remains one of the main methods that attackers use to breach a network, creating the starting point for a later supply chain attack.

In May, it wasn’t known whether Russian intelligence hackers used a targeted email phishing attack to breach SolarWinds’ software build systems. But the attack group, tagged Nobelium by Microsoft, has subsequently relied heavily on credential stuffing, phishing, API abuse, and token theft in

Read More: