Windows TCO
- Hindustan Times ☛ Scathing federal report rips Microsoft for shoddy security, insincerity in response to Chinese hack
In a scathing indictment of Microsoft corporate security and transparency, a Biden administration-appointed review board issued a report Tuesday saying “a cascade of errors” by the tech giant let state-backed Chinese cyber operators break into email accounts of senior U.S. officials including Commerce Secretary Gina Raimondo.
The Cyber Safety Review Board, created in 2021 by executive order, describes shoddy cybersecurity practices, a lax corporate culture and a lack of sincerity about the company's knowledge of the targeted breach, which affected multiple U.S. agencies that deal with China.
- Scoop News Group ☛ Cyber review board blames cascading Microsoft failures for Chinese hack
The CSRB lays the blame for the incident squarely on Microsoft: “The Board concludes that this intrusion should never have happened. Storm-0558 was able to succeed because of a cascade of security failures at Microsoft.”
The report represents the conclusion of a seven-month review and comes against the backdrop of growing concern in Washington that a series of severe breaches at Microsoft has made the company a national-security liability at a time when the federal government is increasingly relying on that company for a raft of cloud computing services. In January, Microsoft disclosed the latest such incident, in which Russian hackers were able to access emails belonging to senior company officials and company source code.
- The Register UK ☛ Microsoft slammed for lax infosec that led to Exchange crack
A review of the June 2023 attack on Microsoft's Exchange Online hosted email service – which saw accounts used by senior US officials compromised by a China-linked group called "Storm-0558" – has found that the incident would have been preventable save for Microsoft's lax infosec culture and sub-par cloud security precautions.
The review, conducted by the US government's Cybersecurity and Infrastructure Security Agency's Cyber Safety Review Board (CSRB), calls for "rapid cultural change" at Microsoft. Among the Board's recommendations: [...]
- CISA ☛ Review of the Summer 2023 Microsoft Exchange Online Intrusion [PDF]
In May and June 2023, a threat actor compromised the Microsoft Exchange Online mailboxes of 22 organizations and over 500 individuals around the world. The actor—known as Storm-0558 and assessed to be affiliated with the People’s Republic of China in pursuit of espionage objectives—accessed the accounts using authentication tokens that were signed by a key Microsoft had created in 2016. This intrusion compromised senior United States government representatives working on national security matters, including the email accounts of Commerce Secretary Gina Raimondo, United States Ambassador to the People’s Republic of China R. Nicholas Burns, and Congressman Don Bacon.
Signing keys, used for secure authentication into remote systems, are the cryptographic equivalent of crown jewels for any cloud service provider. As occurred in the course of this incident, an adversary in possession of a valid signing key can grant itself permission to access any information or systems within that key’s domain. A single key’s reach can be enormous, and in this case the stolen key had extraordinary power. In fact, when combined with another flaw in Microsoft’s authentication system, the key permitted Storm-0558 to gain full access to essentially any Exchange Online account anywhere in the world. As of the date of this report, Microsoft does not know how or when Storm-0558 obtained the signing key.
This was not the first intrusion perpetrated by Storm-0558, nor is it the first time Storm-0558 displayed interest in compromising cloud providers or stealing authentication keys. Industry links Storm-0558 to the 2009 Operation Aurora campaign that targeted over two dozen companies, including Google, and the 2011 RSA SecurID incident, in which the actor stole secret keys used to generate authentication codes for SecurID tokens, which were used by tens of millions of users at that time. Indeed, security researchers have tracked Storm-0558’s activities for over 20 years.
- Axios ☛ Cyberattacks are now small-business owners' worst fear
Driving the news: 60% of small-business owners said in the Chamber's most recent index that they're concerned about cybersecurity threats.
- The Register UK ☛ INC Ransom claims 'cyber incident' at UK city council
A post made to INC Ransom's leak blog in the late hours of April 1 mentioned Leicester City Council as a victim of the ransomware group – the first indication that the local authority's IT incident involves an established cybercrime gang.
The note also mentioned that the attackers claimed to have stolen 3 TB worth of council data, before it was deleted soon after going live.
An update
One more, maybe chatbot spew:
- US Government Review Finds Microsoft Responsible for Multiple Errors Leading to Chinese Hackers Breaching Senior Officials’ Emails
The US Cyber Safety Review Board found that Microsoft made avoidable errors that led to Chinese hackers breaching the tech giant’s network and accessing the email accounts of senior US officials. The review board concluded that the hack was preventable and should never have occurred, highlighting Microsoft’s inadequate security culture and the need for an overhaul to protect against future incidents. The hackers were able to remotely sign into Outlook accounts by forging credentials due to Microsoft’s failure to adequately protect a sensitive cryptographic key.