alerts
19 Topics

Uncover the latest cloud data security capabilities from Microsoft Defender for Cloud
Learn about the latest multicloud data security capabilities from Microsoft Defender for Cloud to strengthen your data security posture and protect your cloud data estate against data breaches and malware distribution.

The Risk of Default Configuration: How Out-of-the-Box Helm Charts Can Breach Your Cluster
Authors:
Michael Katchinskiy, Security Researcher, Microsoft Defender for Cloud Research
Yossi Weizman, Principal Security Research Manager, Microsoft Defender for Cloud Research

Have you ever used pre-made deployment templates to quickly spin up applications in Kubernetes environments? While these “plug-and-play” options greatly simplify the setup process, they often prioritize ease of use over security. As a result, a large number of applications end up being deployed in a misconfigured state by default, exposing sensitive data, cloud resources, or even the entire environment to attackers.

Cloud-native applications are software systems designed to fully leverage the flexibility and scalability of the cloud. These applications are broken into small services called microservices. Usually, each service is packaged in a container with all its dependencies, making it easy to deploy across different environments. Kubernetes then orchestrates these services, automatically handling their deployment, scaling, and health checks.

Out-of-the-Box Helm Charts

Open-source projects usually include, in their code repository, a section explaining how to deploy their apps “out of the box”. These documents often include default manifests or pre-defined Helm charts that are intended for ease of use rather than hardened security. Among other issues, two significant security concerns arise: (1) exposing services externally without proper network restrictions and (2) lack of adequate built-in authentication or authorization by default.

Internet exposure in Kubernetes usually originates in a LoadBalancer service, which exposes K8s workloads via an external IP for direct access, or in Ingress objects, which manage HTTP and HTTPS traffic to internal services. If authentication is not properly configured, both can allow insecure access to the applications, leading to unauthorized access, data exposure, and potential service abuse.
Consequently, default configurations that lack proper security controls create a severe security threat. Without carefully reviewing the YAML manifests and Helm charts, organizations may unknowingly deploy services lacking any form of protection, leaving them fully exposed to attackers. This is particularly concerning when the deployed application can query sensitive APIs or allow administrative actions, which is exactly what we will shortly see.

Apache Pinot default configuration

Apache Pinot is a real-time, distributed OLAP datastore designed for high-speed querying of large-scale datasets with low latency. For Kubernetes installations, Apache Pinot’s official documentation refers users to a Helm chart stored in their official GitHub repository for a quick installation.

While Apache Pinot's documentation states that the provided configuration is a reference setup that users may want to modify, it does not mention that this configuration is severely insecure, leaving the users prone to data theft attacks: the default installation exposes Apache Pinot’s main components to the internet by Kubernetes LoadBalancer services without providing any authentication mechanism by default. Specifically, the pinot-broker and pinot-controller services allow unauthenticated access to query the stored data and manage the workload.

Below is a screenshot of Pinot’s dashboard, exposed by the pinot-controller service on port 9000, allowing full management of Apache Pinot and access to the stored information.

Recently, Microsoft Defender for Cloud identified several incidents in which attackers exploited misconfigured Apache Pinot workloads, allowing them to access the data of Apache Pinot users.

Not Just Apache Pinot

To determine how widespread this issue is, we conducted a thorough investigation, using GitHub Code Search to search repositories for YAML files containing strings that may indicate a misconfigured workload, such as “type: LoadBalancer”.
We then sorted the results by their popularity and deployed the applications in controlled test environments to assess their default security posture. Our goal was to find out which applications are exposed to the internet by default and, more critically, whether they incorporate any authentication or authorization mechanisms.

Here's what we found:
The majority of applications we evaluated had at least some form of basic password protection, though the strength and reliability of these measures varied significantly.
A small but critical group of applications either provided no authentication at all or used a predefined user and password for logging in, making them prime targets for attackers.

Sign me up

Several applications appeared secure at first glance, but they allowed anyone to create a new account and access the system. This clearly does not provide effective protection when exposed to the internet. This highlights how a “default by convenience” approach can invite risk when security settings are not thoroughly reviewed or properly configured.

Meshery is an engineering platform for collaborative design and operation of cloud native infrastructure. By default, when installing Meshery on your Kubernetes cluster via the official Helm installation, the app’s interface is exposed via an external IP address. We discovered that anyone who can access the external IP address can sign up with a new user and access the interface, which provides extensive visibility into cluster activities and even enables the deployment of new pods. These capabilities grant attackers a direct path to execute arbitrary code and gain control of underlying resources if Meshery is not secured or restricted to internal networks only.

Selenium Grid

Selenium is a popular tool for automating web browser testing, with millions of downloads of its container image. In the last few months, we’ve observed multiple attack campaigns specifically targeting Selenium Grid instances that lack authentication.
In addition, several security vendors, including Wiz and Cado Security, have reported these attacks.

While the official Helm chart for Selenium Grid doesn’t expose it to the internet, there are several widely referenced GitHub projects that do, using a LoadBalancer or a NodePort. In one Selenium deployment example from the official Kubernetes repository, Selenium is set up to use a NodePort. This configuration exposes the service on a specific port across all nodes in your cluster, meaning that the firewall rules set up in your network security group become your primary and often only line of defense. If you'd like to see additional examples, try using GitHub Code Search with this query.

Awareness of the risks associated with exposing services has grown over the years, and many developers today understand the dangers of leaving applications wide open. Even so, some applications simply weren’t built for external access and don’t provide any built-in authentication. Their own documentation often warns users not to expose these services publicly. Yet, it still happens, usually for convenience, leaving entire clusters at risk.

If you still remain unconvinced, look to the countless unsecured Redis, Elasticsearch, Prometheus, and other instances that are regularly surfaced in Shodan scans and security blog posts. Despite years of warnings, these applications are still being exposed.

Conclusion

Many in-the-wild exploitations of containerized applications originate in misconfigured workloads, often when using default settings. Relying on “default by convenience” setups poses a significant security risk. To mitigate these risks, it is crucial to:
Review before you deploy: Don’t rely on default configurations. Review the configuration files and modify them according to security best practices. This includes enforcing strong authentication mechanisms and network isolation.
Regularly scan your organization for exposed services: Scan the publicly facing interfaces of your workloads. While some workloads should allow access from external endpoints, in many cases this exposure should be reconsidered.
Monitor your containerized applications: Monitor the running containers in your environment for malicious and suspicious activities. This includes monitoring of the running processes, network traffic, and other activities performed by the workload. Also, many container-based attacks involve deployment of backdoor containers in the cluster. Monitor the Kubernetes cluster for unknown workloads and the nodes for unknown pulled images.

Strengthening Cluster Security with Microsoft Defender for Cloud

Microsoft Defender for Cloud (MDC) helps protect your environment from misconfigurations, including risky service exposure. For example, MDC alerts on the exposure of Kubernetes services which are associated with sensitive interfaces, including Apache Pinot.

With Microsoft Defender CSPM, you can get an overview of the exposure of your organization’s cloud environment, including the containerized applications. Using the Cloud Security Explorer, you can get full visibility of the internet exposed workloads in your Kubernetes clusters, enabling you to mitigate potential risks and easily identify misconfiguration.

Read more about Containers security with Microsoft Defender for containers here.

Microsoft Defender for Cloud - Elevating Runtime Protection
In today's rapidly evolving digital landscape, runtime security is crucial for maintaining the integrity of applications in containerized environments. As threats become increasingly sophisticated, the demand for more adaptive protection continues to rise. Attackers are no longer relying on generic exploits — they are actively targeting vulnerabilities in container configurations, runtime processes, and shared resources. From injecting malicious code to escalating privileges and exploiting kernel vulnerabilities, their tactics are constantly evolving. Overcoming these challenges requires continuous monitoring, validating container immutability, and detecting anomalies to prevent and respond to threats in real time, ensuring container security throughout their lifecycle.

Building on these best practices, Microsoft Defender for Cloud delivers advanced and innovative runtime threat protection for containerized environments, providing real-time defense and adaptive security to address evolving threats head-on.

Empowering SOC with real-time threat detection

At the heart of our enhanced runtime protection lies our advanced detection capabilities. To stay ahead of evolving threats and offer near real-time threat detection, Microsoft Defender for Cloud is proud to announce significant advancements in its unique eBPF sensor. This sensor now provides Kubernetes alerts, powered by Microsoft Defender for Endpoint (MDE) detection engine in the backend. Leveraging Microsoft’s industry-leading security expertise, we've tailored MDE's robust security capabilities to specifically address the unique challenges of containerized environments. By carefully validating detections against container-specific threat landscapes, adding relevant context, and adjusting alerts as needed, we've optimized the solution for maximum accuracy and effectiveness that is needed for cloud-native environments.
By utilizing the MDE detection engine, we offer the following enhancements:
Near real-time detection: Our solution provides timely alerts, enabling you to respond quickly to threats and minimize their impact.
Expanded threat coverage: We've expanded our detection capabilities to cover a broader range of threats such as binary drift and additional threat matrix coverage.
Enhanced visibility: Gain deeper insights into your container environment with detailed threat information and context that is sent to Defender XDR for further investigation.

Switching between multiple portals leaves customers with a fragmented view of their security landscape, hindering their ability to investigate and respond to security incidents efficiently. To combat this, Defender for Cloud alerts are integrated with Defender XDR. By centralizing alerts from both solutions within Defender XDR, customers can gain comprehensive visibility of their security landscape and simplify incident detection, investigation, and response effectively.

Introducing binary drift detection

To maintain optimal security and performance, containerized applications should strictly adhere to their defined boundaries. With binary drift detection in place, unauthorized code injections can be swiftly identified. By comparing the modified container image against the original, the system detects any discrepancies, enabling timely response to potential threats. By combining binary drift detection with other security measures, organizations can reduce the risk of exploitation and protect their containerized applications from malicious attacks.

Figure: An example of binary drift detection

Key takeaways from above illustration:
Common Vulnerabilities and Exposures (CVEs) pose significant risks to containerized environments.
Binary drift detection can help identify unauthorized changes to container images, even if they result from CVE exploitation.
Regular patching and updating of container images are crucial to prevent vulnerabilities.
In some customer environments, it's common to deviate from best practices. For example, tasks like debugging and monitoring often require running processes that aren’t part of the original container image. To handle this, we offer binary drift detection along with a flexible policy system. This lets you choose when to receive alerts or ignore them. You can customize these settings based on your cloud environment or by filtering specific Kubernetes resources.

Learn more about binary drift detection

For a deep dive into binary drift detection and how it can enhance your container security posture, please see Container, Security, Kubernetes.

Presenting new scenario-driven alert simulation

Simulate real-world attack scenarios within your containerized environments with this innovative simulator, enabling you to test your detection capabilities and response procedures. You can enhance your security posture and protect your containerized environments from emerging threats by leveraging this powerful tool.

Examples of some of the attack scenarios that can be simulated using this tool are:
Reconnaissance activity: Mimic the actions of attackers as they gather information about your cluster.
Cluster-to-cloud: Simulate lateral movement as attackers attempt to spread across your environment.
Secret gathering: Test your ability to detect attempts to steal sensitive information.
Crypto-mining activity: Simulate the impact of resource-intensive crypto-mining operations.
Webshell invocation: Test your detection capabilities for malicious web shells.

You can gain valuable insights into your security controls and identify areas for improvement. This tool provides a safe and controlled environment to practice incident response, ensuring that your team is well-prepared to handle real-world threats.

Key benefits of scenario-driven alert simulation:
Test detection capabilities: Validate your ability to identify and respond to various attack types.
Validate response procedures: Ensure your incident response teams are prepared to handle real-world threats.
Identify gaps in security: Discover weaknesses in your security posture and address them proactively.
Improve incident response time: Practice handling simulated incidents to reduce response times in real-world situations.

Figure: Alert simulation tool

Enhancing Cloud Detection and Response (CDR)

From detection to resolution, we've streamlined every step of the process to ensure robust and efficient threat management. By enabling better visibility, faster investigation, and precise response capabilities, SOC teams can confidently address container threats, reducing risks and operational disruptions across multi-cloud environments.

Cloud-native response actions for containers

Swift and precise containment is critical in dynamic, containerized environments. To address this, we’ve introduced cloud-native response actions in Defender XDR, enabling SOC teams to:
Cut off unauthorized pod access and prevent lateral movement by instantly isolating compromised pods.
Stop ongoing malicious pod activity and minimize impact by terminating compromised pods with a single click.

These capabilities are specifically designed to meet the unique challenges of multi-cloud ecosystems, empowering security teams to reduce Mean Time to Resolve (MTTR) and ensure operational continuity.

Figure: Response actions
Figure: Action center view

Log collection in advanced hunting

Limited visibility into Kubernetes activities, cloud infrastructure changes, and runtime processes weakens effective threat detection and investigation in containerized environments. To bridge this gap, we’ve enhanced Defender XDR’s advanced hunting experience by collecting:
KubeAudit logs: Delivering detailed insights into Kubernetes events and activities.
Azure Control Plane logs: Providing a comprehensive view of cloud infrastructure activities.
Process events: Capturing detailed runtime activity.
This enriched data enables SOC teams to do deeper investigations, hunt for advanced threats, and create custom detection rules. With full visibility across AKS, EKS, and GKE, these capabilities strengthen defenses and support proactive security strategies.

Figure: Advanced hunting view

Accelerating investigations with built-in queries

Lengthy investigation processes can delay incident resolution and can potentially lead to a successful attack attempt. To address this, we’ve equipped go hunt with pre-built queries specifically tailored for cloud and containerized threats. These built-in queries allow SOC teams to:
Focus their time on quickly identifying attacker activity rather than writing custom queries.
Gain insights in minutes vs. hours, reducing the investigation time enormously.

This streamlined approach enhances SOC efficiency, ensuring that teams spend more time on remediation and less on query development.

Figure: Go hunt view

Bridging knowledge gaps with guided response using Microsoft Security Copilot

Many security teams, especially those working in complex environments like containers, may not have deep expertise in every aspect of container threat response. Additionally, security teams might encounter threats or vulnerabilities they haven’t seen before. We are excited to integrate with Security Copilot to bridge this gap. Security Copilot serves as a valuable tool that offers:
Step-by-step, context-rich guidance for each incident.
Tailored recommendations for effective threat containment and remediation.

By leveraging AI-driven insights, Security Copilot empowers SOC teams of varying expertise levels to navigate incidents with precision, ensuring consistent and effective responses across the board.

Figure: Security Copilot recommendations

Summary

Microsoft Defender for Cloud has introduced significant advancements in runtime protection for containerized environments.
By leveraging the Microsoft Defender for Endpoint (MDE) detection engine, this solution now offers near real-time threat detection, enhancing threat visibility and response capabilities. A key feature, binary drift detection, monitors changes in container images to identify unauthorized modifications and prevent security breaches. Additionally, the integration with Defender XDR centralizes alerts, providing comprehensive visibility and simplifying incident detection, investigation, and response. With enhanced cloud-native response actions and advanced hunting capabilities, SOC teams can confidently address container threats, reducing risks and operational disruptions across multi-cloud environments.

Learn more

Ready to elevate your container security? Experience the power of our new features firsthand with our cutting-edge simulator—test them in your containerized environments and see the difference!

Alerts for Kubernetes Clusters - Microsoft Defender for Cloud | Microsoft Learn

From visibility to action: The power of cloud detection and response
Cloud attacks aren’t just growing—they’re evolving at a pace that outstrips traditional security measures. Today’s attackers aren’t just knocking at the door—they’re sneaking through cracks in the system, exploiting misconfigurations, hijacking identity permissions, and targeting overlooked vulnerabilities. While organizations have invested in preventive measures like vulnerability management and runtime workload protection, these tools alone are no longer enough to stop sophisticated cloud threats.

The reality is: security isn’t just about blocking threats from the start—it’s about detecting, investigating, and responding to them as they move through the cloud environment. By continuously correlating data across cloud services, cloud detection and response (CDR) solutions empower security operations centers (SOCs) with cloud context, insights, and tools to detect and respond to threats before they escalate. However, to understand CDR’s role in the broader cloud security landscape, let’s first understand how it evolved from traditional approaches like cloud workload protection (CWP).

The natural progression: From protecting workloads to correlating cloud threats

In today’s multi-cloud world, securing individual workloads is no longer enough—organizations need a broader security strategy. Microsoft Defender for Cloud offers cloud workload protection as part of its broader Cloud-Native Application Protection Platform (CNAPP), securing workloads across Azure, AWS, and Google Cloud Platform. It protects multicloud and on-premises environments, responds to threats quickly, reduces the attack surface, and accelerates investigations. Typically, CWP solutions work in silos, focusing on each workload separately rather than providing a unified view across multiple clouds. While this solution strengthens individual components, it lacks the ability to correlate the data across cloud environments.
As cloud threats become more sophisticated, security teams need more than isolated workload protection—they need context, correlation, and real-time response. CDR represents the natural evolution of CWP. Instead of treating security as a set of isolated defenses, CDR weaves together disparate security signals to provide richer context, enabling faster and more effective threat mitigation.

A shift towards a more unified, real-time detection and response model, CDR ensures that security teams have the visibility and intelligence needed to stay ahead of modern cloud threats. If CWP is like securing individual rooms in a building—locking doors, installing alarms, and monitoring each space separately—then CDR is like having a central security system that watches the entire building, detecting suspicious activity across all rooms, and responding in real time.

That said, building an effective CDR solution comes with its own challenges. These are the key reasons your cloud security strategy might be falling short:

Lack of Context

SOC teams can’t protect what they can’t see. Limited visibility and understanding into resource ownership, deployment, and criticality makes threat prioritization difficult. Without context, security teams struggle to distinguish minor anomalies from critical incidents. For example, a suspicious process in one container may seem benign alone but, in context, could signal a larger attack. Without this contextual insight, detection and response are delayed, leaving cloud environments vulnerable.

Hierarchical Complexity

Cloud-native environments are highly interconnected, making incident investigation a daunting task. A single container may interact with multiple services across layers of VMs, microservices, and networks, creating a complex attack surface.
Tracing an attack through these layers is like finding a needle in a haystack—one compromised component, such as a vulnerable container, can become a stepping stone for deeper intrusions, targeting cloud secrets and identities, storage, or other critical assets. Understanding these interdependencies is crucial for effective threat detection and response.

Ephemeral Resources

Cloud native workloads tend to be ephemeral, spinning up and disappearing in seconds. Unlike VMs or servers, they leave little trace for post-incident forensics, making attack investigations difficult. If a container is compromised, it may be gone before security teams can analyze it, leaving minimal evidence—no logs, system calls, or network data to trace the attack’s origin. Without proactive monitoring, forensic analysis becomes a race against time.

A unified SOC experience with cloud detection and response

The integration of Microsoft Defender for Cloud with Defender XDR empowers SOC teams to tackle modern cloud threats more effectively. Here’s how:

1. Attack Paths

One major challenge for CDR is the lack of context. Alerts often appear isolated, limiting security teams’ understanding of their impact or connection to the broader cloud environment. Integrating attack paths into incident graphs can improve CDR effectiveness by mapping potential routes attackers could take to reach high-value assets. This provides essential context and connects malicious runtime activity with cloud infrastructure.

In Defender XDR, using its powerful incident technology, alerts are correlated into high-fidelity incidents and attack paths are included in incident graphs to provide a detailed view of potential threats and their progression. For example, if a compromised container appears on an identified attack path leading to a sensitive storage account, including this path in the incident graph provides SOC teams with enhanced context, showing how the threat could escalate.
Figure: Attack path integrated into incident graph in Defender XDR, showing potential lateral movement from a compromised container.

2. Automatic and Manual Asset Criticality Classification

In a cloud native environment, it’s challenging to determine which assets are critical and require the most attention, leading to difficulty in prioritizing security efforts. Without clear visibility, SOC teams struggle to identify relevant resources during an incident. With Microsoft’s automatic asset criticality, Kubernetes clusters are tagged as critical based on predefined rules, or organizations can create custom rules based on their specific needs. This ensures teams can prioritize critical assets effectively, providing both immediate effectiveness and flexibility in diverse environments.

Asset criticality labels are included in incident graphs using the crown shown on the node to help SOC teams identify that the incident includes a critical asset.

3. Built-In Queries for Deeper Investigation

Investigating incidents in a complex cloud-native environment can be overwhelming, with vast amounts of data spread across multiple layers. This complexity makes it difficult to quickly investigate and respond to threats. Defender XDR simplifies this process by providing immediate, actionable insights into attacker activity, cutting investigation time from hours or days to just minutes. Through the “go hunt” action in the incident graph, teams can leverage pre-built queries specifically designed for cloud and containerized threats, available at both the cluster and pod levels. These queries offer real-time visibility into data plane and control plane activity, empowering teams to act swiftly and effectively, without the need for manual, time-consuming data sifting.

4. Cloud-Native Response Actions for Containers

Attackers can compromise a cloud asset and move laterally across various environments, making rapid response critical to prevent further damage.
Microsoft Defender for Cloud’s integration with Defender XDR offers real-time, multi-cloud response capabilities, enabling security teams to act immediately to stop the spread of threats. For instance, if a pod is compromised, SOC teams can isolate it to prevent lateral movement by applying network segmentation, cutting off its access to other services. If the pod is malicious, it can be terminated entirely to halt ongoing malicious activity. These actions, designed specifically for Kubernetes environments, allow SOC teams to respond instantly with a single click in the Defender portal, minimizing the impact of an attack while investigation and remediation take place.

Figure: New innovations for threat detection across workloads, with focused investigation and response capabilities for containers—only with Microsoft Defender for Cloud.

5. Log Collection in Advanced Hunting

Containers are ephemeral and that makes it difficult to capture and analyze logs, hindering the ability to understand security incidents. To address this challenge, we offer advanced hunting that helps ensure critical logs—such as KubeAudit, cloud control plane, and process event logs—are captured in real time, including activities of terminated workloads. These logs are stored in the CloudAuditEvents and CloudProcessEvents tables, tracking security events and configuration changes within Kubernetes clusters and container-level processes. This enriched telemetry equips security teams with the tools needed for deeper investigations, advanced threat hunting, and creating custom detection rules, enabling faster detection and resolution of security threats.

6. Guided response with Copilot

Defender for Cloud's integration with Microsoft Security Copilot guides your team through every step of the incident response process.
With tailored remediation for cloud native threats, it enhances SOC efficiency by providing clear, actionable steps, ensuring quicker and more effective responses to incidents. This enables teams to resolve security issues with precision, minimizing downtime and reducing the risk of further damage.

Use case scenarios

In this section, we will follow some of the techniques that we have observed in real-world incidents and explore how Defender for Cloud’s integration with Defender XDR can help prevent, detect, investigate, and respond to these incidents.

Many container security incidents target resource hijacking. Attackers often exploit misconfigurations or vulnerabilities in public-facing apps — such as outdated Apache Tomcat instances or weak authentication in tools like Selenium — to gain initial access. But not all attacks start this way. In a recent supply chain compromise involving a GitHub Action, attackers gained remote code execution in AKS containers. This shows that initial access can also come through trusted developer tools or software components, not just publicly exposed applications.

After gaining remote code execution, attackers disabled command history logging by tampering with environment variables like “HISTFILE,” preventing their actions from being recorded. They then downloaded and executed malicious scripts. Such scripts start by disabling security tools such as SELinux or AppArmor or by uninstalling them. Persistence is achieved by modifying or adding new cron jobs that regularly download and execute malicious scripts. Backdoors are created by replacing system libraries with malicious ones. Once the required configuration changes are made for the malware to work, the malware is downloaded, executed, and the executable file is deleted to avoid forensic analysis. Attackers try to exfiltrate credentials from environment variables, memory, bash history, and configuration files for lateral movement to other cloud resources.
Querying the Instance Metadata service endpoint is another common method for moving from cluster to cloud.

Defender for Cloud and Defender XDR’s integration helps address such incidents both in pre-breach and post-breach stages. In the pre-breach phase, before applications or containers are compromised, security teams can take a proactive approach by analyzing vulnerability assessment reports. These assessments surface known vulnerabilities in containerized applications and underlying OS components, along with recommended upgrades. Additionally, vulnerability assessments of container images stored in container registries — before they are deployed — help minimize the attack surface and reduce risk earlier in the development lifecycle.

Proactive posture recommendations — such as deploying container images only from trusted registries or resolving vulnerabilities in container images — help close security gaps that attackers commonly exploit. When misconfigurations and vulnerabilities are analyzed across cloud entities, attack paths can be generated to visualize how a threat actor might move laterally across services. Addressing these paths early strengthens overall cloud security and reduces the likelihood of a breach.

If an incident does occur, Defender for Cloud provides comprehensive real-time detection, surfacing alerts that indicate both malicious activity and attacker intent. These detections combine rule-based logic with anomaly detection to cover a broad set of attack scenarios across resources. In multi-stage attacks — where adversaries move laterally between services like AKS clusters, Automation Accounts, Storage Accounts, and Function Apps — customers can use the "go hunt" action to correlate signals across entities, rapidly investigate, and connect seemingly unrelated events.

Attackers increasingly use automation to scan for exposed interfaces, reducing the time to breach containers—sometimes in under 30 minutes, as seen in a recent Geoserver incident.
This demands rapid SOC response to contain threats while preserving artifacts for analysis. Defender for Cloud enables swift actions like isolating or terminating pods, minimizing impact and lateral movement while allowing for thorough investigation.

Conclusion

Microsoft Defender for Cloud, integrated with Defender XDR, transforms cloud security by addressing the challenges of modern, dynamic cloud environments. By correlating alerts from multiple workloads across Azure, AWS, and GCP, it provides SOC teams with a unified view of the entire threat landscape. This powerful correlation prevents lateral movement and escalation of threats to high-value assets, offering a deeper, more contextual understanding of attacks. Security teams can seamlessly investigate and track incidents through dynamic graphs that map the full attack journey, from initial breach to potential impact.

With real-time detection, automatic alert correlation, and the ability to take immediate, decisive actions—like isolating compromised containers or halting malicious activity—Defender for Cloud’s integration with Defender XDR ensures a proactive, effective response. This integrated approach enhances incident response and empowers organizations to stop threats before they escalate, creating a resilient and agile cloud security posture for the future.

Additional resources:
- Watch this cloud detection and response video to see it in action
- Try our alerts simulation tool for container security
- Read about some of our recent container security innovations
- Check out our latest product releases
- Explore our cloud security solutions page
- Learn how you can unlock business value with Defender for Cloud
- Start a free 30-day trial of Defender for Cloud today

New innovations to protect custom AI applications with Defender for Cloud
Today’s blog post introduced new capabilities to enhance AI security and governance across multi-model and multi-cloud environments. This follow-on blog post dives deeper into how Microsoft Defender for Cloud can help organizations protect their custom-built AI applications.

The AI revolution has been transformative for organizations, driving them to integrate sophisticated AI features and products into their existing systems to maintain a competitive edge. However, this rapid development often outpaces their ability to establish adequate security measures for these advanced applications. Moreover, traditional security teams frequently lack the visibility and actionable insights needed, leaving organizations vulnerable to increasingly sophisticated attacks and struggling to protect their AI resources.

To address these challenges, we are excited to announce the general availability (GA) of threat protection for AI services, a capability that enhances threat protection in Microsoft Defender for Cloud. Starting May 1, 2025, the new Defender for AI Services plan will support models in Azure AI and Azure OpenAI Services.

Note: Effective August 1, 2025, the price for Defender for AI Services was updated to $0.0008 per 1,000 tokens per month (USD – list price).

“Security is paramount at Icertis. That’s why we've partnered with Microsoft to host our Contract Intelligence platform on Azure, fortified by Microsoft Defender for Cloud. As large language models (LLMs) became mainstream, our Icertis ExploreAI Service leveraged generative AI and proprietary models to transform contract management and create value for our customers. Microsoft Defender for Cloud emerged as our natural choice for the first line of defense against AI-related threats. It meticulously evaluates the security of our Azure OpenAI deployments, monitors usage patterns, and promptly alerts us to potential threats.
These capabilities empower our Security Operations Center (SOC) teams to make more informed decisions based on AI detections, ensuring that our AI-driven contract management remains secure, reliable, and ahead of emerging threats.”
Subodh Patil, Principal Cyber Security Architect at Icertis

With these new threat protection capabilities, security teams can:
- Monitor suspicious activity in Azure AI resources, abiding by security frameworks like the OWASP Top 10 threats for LLM applications to defend against attacks on AI applications, such as direct and indirect prompt injections, wallet abuse, suspicious access to AI resources, and more.
- Triage and act on detections using contextual and insightful evidence, including prompt and response evidence, application and user context, grounding data origin breadcrumbs, and Microsoft Threat Intelligence details.
- Gain visibility from cloud to code (right to left) for better posture discovery and remediation by translating runtime findings into posture insights, like smart discovery of grounding data sources. Requires Defender CSPM posture plan to be fully utilized.
- Leverage frictionless onboarding with one-click, agentless enablement on Azure resources. This includes native integrations to Defender XDR, enabling advanced hunting and incident correlation capabilities.

Detect and protect against AI threats

Defender for Cloud helps organizations secure their AI applications from the latest threats. It identifies vulnerabilities and protects against sophisticated attacks, such as jailbreaks, invisible encodings, malicious URLs, and sensitive data exposure. It also protects against novel threats like ASCII smuggling, which could otherwise compromise the integrity of their AI applications. Defender for Cloud helps ensure the safety and reliability of critical AI resources by leveraging signals from prompt shields, AI analysis, and Microsoft Threat Intelligence.
This provides comprehensive visibility and context, enabling security teams to quickly detect and respond to suspicious activities.

Prompt analysis-based detections aren’t the full story. Detections are also designed to analyze the application and user behavior to detect anomalies and suspicious behavior patterns. Analysts can leverage insights into user context, application context, access patterns, and use Microsoft Threat Intelligence tools to uncover complex attacks or threats that escape prompt-based content filtering detectors.

For example, wallet attacks are a common threat where attackers aim to cause financial damage by abusing resource capacity. These attacks often appear innocent because the prompts' content looks harmless. However, the attacker's intention is to exploit the resource capacity when left unconstrained. While these prompts might go unnoticed as they don't contain suspicious content, examining the application's historical behavior patterns can reveal anomalies and lead to detection.

Respond and act on AI detections effectively

The lack of visibility into AI applications is a real struggle for security teams. The detections contain evidence that is hard or impossible for most SOC analysts to access. For example, in the below credential exposure detection, the user was able to solicit secrets from the organizational data connected to the Contoso Outdoors chatbot app.

How would the analyst go about understanding this detection? The detection evidence shows the user prompt and the model response (secrets are redacted). The evidence also explicitly calls out what kind of secret was exposed. The prompt evidence of this suspicious interaction is rarely stored, logged, or accessible anywhere outside the detection. The prompt analysis engine also tied the user request to the model response, making sense of the interaction.

What is most helpful in this specific detection is the application and user context.
The application name instantly assists the SOC in determining if this is a valid scenario for this application. Contoso Outdoors chatbot is not supposed to access organizational secrets, so this is worrisome. Next, the user context reveals who was exposed to the data, through what IP (internal or external) and their supposed intention.

Most AI applications are built behind AI gateways, proxies, or Azure API Management (APIM) instances, making it challenging for SOC analysts to obtain these details through conventional logging methods or network solutions. Defender for Cloud addresses this issue by using a straightforward approach that fetches these details directly from the application’s API request to Azure AI. Now, the analyst can reach out to the user (internal) or block (external) the identity or the IP.

Finally, to resolve this incident, the SOC analyst intends to remove and decommission the secret to mitigate the impact of the exposure. The final piece of evidence presented reveals the origin of the exposed data. This evidence substantiates the fact that the leak is genuine and originates from internal organizational data. It also provides the analyst with a critical breadcrumb trail to successfully remove the secret from the data store and communicate with the owner on next steps.

Trace the invisible lines between your AI application and the grounding sources

Defender for Cloud excels in continuous feedback throughout the application lifecycle. While posture capabilities help triage detections, runtime protection provides crucial insights from traffic analysis, such as discovering data stores used for grounding AI applications. The AI application's connection to these stores is often hidden from current control or data plane tools. The credential leak example provided a real-world connection that was then integrated into our resource graph, uncovering previously overlooked data stores.
Tagging these stores improves attack path and risk factor identification during posture scanning, ensuring safe configuration. This approach reinforces the feedback loop between runtime protection and posture assessment, maximizing cloud-native application protection platform (CNAPP) effectiveness.

Align with AI security frameworks

Our guiding principle is widely recognized by OWASP Top 10 for LLMs. By combining our posture capabilities with runtime monitoring, we can comprehensively address a wide range of threats, enabling us to proactively prepare for and detect AI-specific breaches with Defender for Cloud.

As the industry evolves and new regulations emerge, frameworks such as OWASP, the EU AI Act, and NIST 600-1 are shaping security expectations. Our detections are aligned with these frameworks as well as the MITRE ATLAS framework, ensuring that organizations stay compliant and are prepared for future regulations and standards.

Get started with threat protection for AI services

Getting started with threat protection capabilities in Defender for Cloud takes one click to enable it on your relevant subscription in Azure. The integration is agentless and requires zero intervention in the application dev lifecycle. More importantly, the native integration directly inside the Azure AI pipeline does not entail scale or performance degradation in the application runtime.

Consuming the detections is easy: they appear in Defender for Cloud’s portal and are also seamlessly connected to Defender XDR and Sentinel, leveraging the existing connectors. SOC analysts can leverage the correlation and analysis capabilities of Defender XDR from day one.

Explore these capabilities today with a free 30-day trial*. You can leverage your existing AI application and simply enable the “AI workloads” plan on your chosen subscription to start detecting and responding to AI threats.

*Trial free period is limited to up to 75B tokens scanned.
Learn more about the innovations designed to help your organization protect data, defend against cyber threats, and stay compliant. Join Microsoft leaders online at Microsoft Secure on April 9.

Explore additional resources
- Learn more about Runtime protection
- Learn more about Posture capabilities
- Watch the Defender for Cloud in the Field episode on securing AI applications
- Get started with Defender for Cloud

Microsoft Defender for Cloud latest protection against sophisticated abuse of Azure VM Extensions
Introduction

Throughout recent years, the IT world has shifted its workloads, management layers, and machines to the cloud, thus introducing a new attack surface, accompanied by new attack vectors. This shift gave threat actors a way to deploy cyber-attacks against organizations’ cloud environments, gain strong permissions, operate for financial gain, and more. Upon succeeding in compromising an identity with sufficient permissions in Azure, threat actors often try to abuse existing features within the environment that allow them to deploy their malicious activity stealthily, efficiently, and easily. One such feature is Azure VM extensions.

Announcing new detections and alerts against extension abuse

Azure VM extension abuse has never left Microsoft’s sight since its first appearance, and a previous publication has discussed the topic. Today, as a result of extensive research and monitoring, we continue to deliver customer protection by announcing the new and enhanced protection capabilities against extension abuse that Microsoft Defender for Cloud offers as part of the Microsoft Defender for Servers plan 2 offering. Our customers can enjoy the protection capabilities effortlessly, without the need to manually deploy a dedicated agent on the VM.

Azure virtual machine extensions

Azure virtual machine extensions are small applications that provide post-deployment configuration and automation on Azure VMs, such as software updates, code and script execution, antimalware deployments, and more. VM extensions play an instrumental role in workload management and VM maintenance. Many organizations’ cloud environments are dependent on the extensions’ capabilities, such as automation in configuration deployment, security management, continuous monitoring, troubleshooting and log analytics.
On the other hand, extensions can be abused as a powerful cloud-native tool by threat actors who gained an initial foothold in the victim’s Azure environment. Solely dependent on Azure RBAC permissions, threat actors can abuse VM extensions to execute operations with high privileges to perform stealthy and destructive cyber-attacks.

In this blog, we will discuss the various extensions, their uniqueness, and the corresponding MITRE techniques associated with them that are abused in the wild and researched in the security world, and introduce Microsoft Defender for Cloud’s new series of alerts that combat this abuse.

Threat hunting

Reconnaissance

Network Watcher, Azure Monitor, VMSnapshot extensions

The following extensions allow different kinds of data collection and monitoring over network traffic, resources data, diagnostics, analytics and more.

Network Watcher allows threat actors to capture network traffic, analyze packets, verify IP flow, and diagnose network security groups (NSGs). The Network Watcher tool can be invaluable for advanced threat actors looking to learn about the environment topology and identify weaknesses in the victim’s cloud environment by:
- Understanding the structure of the environment’s security framework.
- Using IP Flow to verify packet allowance to find exposed resources.
- Analyzing existing NSGs to determine how to manipulate them to gain access and then persistence.

Azure Monitor allows threat actors to create data collection rules over resources, in order to capture various kinds of machine logs and events. Capturing Windows events of different kinds, like security, system, and application logs, could be of high importance for threat actors to gather information about the running compute inside the environment. This can be done by creating a dedicated log analytics that will consume the logs from the Azure Monitor agent on the VM.

VMSnapshot allows threat actors to capture VM disk snapshots as part of the Azure Backup service.
Through Microsoft’s extensive research and investigation of recent sophisticated attacks, evidence has shown that not only do threat actors attempt to reset passwords and gain access and persistence to VMs by leveraging the VMAccess extension (which will be discussed later on), they also attempt to capture disk snapshots of VMs that capture their interest during the initial phases, by leveraging Azure Backup service capabilities. Capturing disk snapshots allows threat actors to export critical data from the VM’s disks during a short window of time, to a local or remote location, using a dedicated URL for downloading, or copying the disk to another location in the environment. After that, threat actors will attempt to attach the snapshots of the disks to their own controlled machines, after configuring them to the right format.

Execution

Azure VM extensions offer a variety of ways for code execution and running scripts as SYSTEM/sudo on your virtual machines, thus providing threat actors with a powerful tool to facilitate deployments of their different attack techniques, at scale:

(Managed) Run Command

Run Command uses the VM agent to run scripts on the VM, as SYSTEM/sudo. It can be abused in a variety of ways, from running recon commands to learn about the victim’s cloud environment, creating local admin users for persistence, to downloading payloads on the machine, executing crypto miners for impact, and more.

Custom Script extension (CSE)

The custom script extension allows the user to download and run a script on the VM, as SYSTEM/sudo. CSE can be used to deploy different attack vectors at scale especially when looking to run the same script across different VMs within a virtual machine scale set (unlike Run Command). As an example, Microsoft witnessed the following techniques being abused by a threat actor:
- Password Spraying campaign: Threat actor successfully gains initial access to user accounts in Azure.
- Mass compute resource creation: Threat actor sets up the crypto mining environment with the needed network resources.
- Mass deployment of XMRig software on all compute using Custom Script Extensions to initiate the crypto mining campaign.

Azure Desired State Configuration (DSC) extension

The extension uploads and applies a DSC configuration on the VM. Using DSC, threat actors can maliciously deploy scheduled tasks, apply configurations, and execute scripts, resulting in the deployment of a backdoor, connection to a C2 (Command and Control), extracting the VM managed identity, and more.

Persistence

Virtual Machine Access extension

The VMAccess extension allows the user to manage administrative users and reset access on Azure VMs. Threat actors often abuse the VMAccess extension to gain access to VMs inside the victim’s environment, after they gain initial foothold, by resetting passwords, SSH keys, and manipulating the admin users in the VM. As a result, they can choose their target wisely inside the environment and gain access to it, only by using the cloud native RBAC roles needed to execute the extension, thus, discovering sensitive information and disrupting critical workloads inside the environment.

We can see that the new user can successfully run commands as sudo:

Impact

GPU Driver extension

The extension provides the ability to install the NVIDIA or AMD GPU drivers on supported compute VMs, which are GPU card equipped, in order to take full advantage of the card capabilities. Threat actors can leverage this capability to deploy a GPU driver on supported Azure VMs in the victim’s Azure environment and follow up with the installation of crypto mining software by leveraging the Custom Script Extension, or any other technique, and move on to the mining phase.

Disk Encryption extension

Azure Disk Encryption uses BitLocker to provide full disk encryption on Azure virtual machines.
Threat actors can abuse this extension by attempting to encrypt the disks of VMs in the victim’s cloud environment that capture the threat actor’s interest, with the goal of rendering all data permanently inaccessible by attempting to delete the encryption key or the key vault that contains the key. In such cases, it is crucial for the victim to be aware of purge protection and the protection measures that Microsoft provides to delay/prevent the deletion of the encryption key.

Detection

After going through the abuse scenarios for the variety of VM extensions, we will dive into Microsoft’s new detection capabilities and techniques, and how we are able to defend our customers through continuous monitoring and analysis of suspicious signals, from the control plane to the endpoint.

Microsoft Defender for Cloud is announcing a new series of alerts targeting Azure VM extensions abuse, which are available to the customer through Microsoft Defender for Servers plan 2. Not only does the new series of detections target a wide range of abuse techniques, but it also targets a wide range of extension abuse types, to protect our customers against attack vectors that emerge.

Through extensive research, we have been able to single out and identify the suspicious signals for which the likelihood of a breach is high. By studying the user’s behavior and monitoring for such signals, we are able to detect suspicious activity. Some of the signals are the following:
- Usage of VM extensions by a user account which hasn’t used any VM extensions recently.
- A sudden surge in extension usage by a suspicious user account, which might indicate a post-breach reconnaissance, impact, or persistence activity.
- Code or script execution containing parts that indicate a malicious intent.
- Usage of a combination of extensions in a short time window which might indicate a recon attempt.
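One way to check control-plane logs for three of the signals listed above (first-time extension use, a usage surge, and a combination of extensions in a short window), as an added Python example that is not Microsoft's detection logic. The record fields, thresholds, extension labels and sample events are assumptions constructed for illustration; only the two Azure operation names are real.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Azure control-plane operations for extension deployment and Run Command,
# lower-cased because exported logs vary in casing.
EXTENSION_OPS = {
    "microsoft.compute/virtualmachines/extensions/write",
    "microsoft.compute/virtualmachines/runcommand/action",
}

# Thresholds are assumptions for this example, not product values.
LOOKBACK = timedelta(days=30)   # "recently" for the first-use signal
WINDOW = timedelta(hours=1)     # "short time window"
SURGE_COUNT = 5                 # extension operations per WINDOW
COMBO_TYPES = 3                 # distinct extension types per WINDOW


def detect(events, history_start):
    """Return (caller, signal, time) findings, in time order.

    events: dicts with keys time, caller, operation, extension (simplified,
    assumed schema). history_start: earliest time the log source covers.
    """
    findings = []
    seen = defaultdict(list)    # caller -> [(time, extension type)]
    last_hit = {}               # (caller, signal) -> last time condition held

    def emit(caller, signal, when):
        # Report once per continuous burst instead of once per event.
        prev = last_hit.get((caller, signal))
        if prev is None or when - prev > WINDOW:
            findings.append((caller, signal, when))
        last_hit[(caller, signal)] = when

    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["operation"].lower() not in EXTENSION_OPS:
            continue
        caller, when = ev["caller"], ev["time"]
        prior = seen[caller]

        # Signal: caller has not used extensions recently. Only judged when
        # the log covers a full LOOKBACK period, otherwise every account
        # looks new at the start of the data.
        covered = when - history_start >= LOOKBACK
        if covered and not any(when - t <= LOOKBACK for t, _ in prior):
            emit(caller, "new_extension_user", when)

        prior.append((when, ev["extension"]))
        window = [(t, x) for t, x in prior if when - t <= WINDOW]

        # Signal: sudden surge in extension usage.
        if len(window) >= SURGE_COUNT:
            emit(caller, "usage_surge", when)
        # Signal: several different extensions in a short window.
        if len({x for _, x in window}) >= COMBO_TYPES:
            emit(caller, "extension_combination", when)
    return findings


# Constructed sample data: one routine deployment account, one new caller.
_EXT = "Microsoft.Compute/virtualMachines/extensions/write"
_RUN = "Microsoft.Compute/virtualMachines/runCommand/action"


def _ev(ts, caller, op, ext):
    return {"time": datetime.fromisoformat(ts), "caller": caller,
            "operation": op, "extension": ext}


HISTORY_START = datetime(2024, 4, 1)
SAMPLE_EVENTS = [
    _ev("2024-04-03T09:00", "svc-deploy", _EXT, "CustomScript"),
    _ev("2024-04-17T09:00", "svc-deploy", _EXT, "CustomScript"),
    _ev("2024-05-02T09:00", "svc-deploy", _EXT, "CustomScript"),
    _ev("2024-05-16T09:00", "svc-deploy", _EXT, "CustomScript"),
    _ev("2024-05-20T09:30", "bob@contoso.example",
        "Microsoft.Compute/virtualMachines/start/action", ""),
    _ev("2024-05-20T10:00", "alice@contoso.example", _EXT, "NetworkWatcher"),
    _ev("2024-05-20T10:05", "alice@contoso.example", _EXT, "AzureMonitor"),
    _ev("2024-05-20T10:12", "alice@contoso.example", _EXT, "VMSnapshot"),
    _ev("2024-05-20T10:20", "alice@contoso.example", _EXT, "VMAccess"),
    _ev("2024-05-20T10:25", "alice@contoso.example", _EXT, "CustomScript"),
    _ev("2024-05-20T10:30", "alice@contoso.example", _RUN, "RunCommand"),
]

if __name__ == "__main__":
    for caller, signal, when in detect(SAMPLE_EVENTS, HISTORY_START):
        print(when.isoformat(), caller, signal)
```

The script-content signal is left out because it needs the extension payload, which this simplified record does not carry.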
Mitigation

Identities in Azure require certain high-privileged roles to be able to use extensions; this is yet another example of how identities and permissions represent the core of the cloud environment’s access controls. As a result, we recommend building a strong framework based on least privilege, in order to provide the identity with the least permissions needed to perform its dedicated and legitimate operations and prevent imminent attacks. In addition to the above, continuous monitoring and detection efforts are essential to remediate ongoing attacks and prevent possible future ones.

Conclusion

With the advent and continued growth of cloud computing in Azure, many threat actors rely on techniques that facilitate their deployment of malicious activities, thus targeting Azure VM Extensions. As a result of in-depth research and continued monitoring, Microsoft Defender for Cloud is announcing a detection campaign to provide its customers with strong security measures for sophisticated attack vectors and threat actor campaigns targeting extensions abuse.

Learn more about VM extensions: Link
Learn more about the new series of alerts: Release Notes, Azure VM extensions alerts table
Learn more about Defender for Cloud plans: Link
Learn more about Defender for Servers plans: Link

Announcing Microsoft Defender for Cloud capabilities to counter identity-based supply chain attacks
In this blog, we will demonstrate the mechanisms of identity-based supply chain attacks in the cloud and discuss how service providers’ cloud access can be used by attackers for identity-based supply chain attacks. We will also show how a new alert enrichment in Microsoft Defender for Cloud can help to detect and remediate those threats.