Microsoft report on the cause of recent cyberattacks.
Microsoft has announced the cause of the email systems breach carried out by the Storm-0558 APT, which we reported on in our prior post. Their report states that the signing key was exfiltrated from a compromised Microsoft engineer's corporate account. This engineer had access to an improperly handled crash dump from a key-signing server, dated to 2021; the keys should not have been in that dump, but a race condition allowed the key material to be included in it. The crash dump was also moved from Microsoft's reportedly isolated production network to their internet-connected debugging environment at some point between 2021 and the initial attack, and that is where the dump was when it was accessed from the compromised account.
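The failure described above is key material landing in a crash dump and that dump then being copied to a less isolated network. As an added example (not part of the original post, and not Microsoft's tooling), the following is a defender-side export gate that scans a dump for common private-key encodings before it may leave the isolated environment; the key formats checked, the DER heuristic and the sample dumps are constructed assumptions.

```python
"""Gate a crash-dump export on a scan for private-key material.

Assumption: keys worth catching are PEM private keys, DER-encoded PKCS#1
RSA private keys, or JSON Web Keys carrying a private exponent "d".
"""
import re
from dataclasses import dataclass

# PEM header for any private key (plain, RSA, EC, DSA, OpenSSH, encrypted).
PEM_PRIVATE_RE = re.compile(
    rb"-----BEGIN (?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----"
)
# Heuristic for a DER PKCS#1 RSAPrivateKey: SEQUENCE (long form length),
# INTEGER version 0, then a long-form INTEGER for the modulus n.
DER_RSA_PRIVATE_RE = re.compile(rb"\x30\x82..\x02\x01\x00\x02\x82", re.DOTALL)
# RSA JWK that includes the private exponent "d" (public JWKs never do).
JWK_PRIVATE_RE = re.compile(rb'"kty"\s*:\s*"RSA"[^}]{0,4096}"d"\s*:')

PATTERNS = (
    ("pem-private-key", PEM_PRIVATE_RE),
    ("der-rsa-private-key", DER_RSA_PRIVATE_RE),
    ("jwk-private-key", JWK_PRIVATE_RE),
)


@dataclass
class Finding:
    kind: str     # which pattern fired
    offset: int   # byte offset in the dump, for triage without copying the key


def scan_dump(data: bytes) -> list[Finding]:
    """Return every private-key marker found in the dump, in pattern order."""
    return [Finding(kind, m.start())
            for kind, pat in PATTERNS for m in pat.finditer(data)]


def export_allowed(data: bytes) -> bool:
    """Only a dump with no findings may be copied off the isolated network."""
    return not scan_dump(data)


# Constructed sample dumps: one with a PEM private key embedded at offset 100,
# one that only carries a certificate (public material) and is fine to export.
SAMPLE_DUMP = (b"\x00" * 64 + b"MDMP" + b"\x00" * 32
               + b"-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n" + b"\xff" * 16)
CLEAN_DUMP = b"MDMP" + b"\x00" * 128 + b"-----BEGIN CERTIFICATE-----\n"

if __name__ == "__main__":
    for name, blob in (("sample", SAMPLE_DUMP), ("clean", CLEAN_DUMP)):
        print(name, "export allowed:", export_allowed(blob), scan_dump(blob))
```

Findings report only the kind and offset, so the gate's own log never becomes a second copy of the key.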
This report should be a wake-up call that the businesses referred to as "Big Tech" really aren't as secure as they would have us believe. We have heard for years that Microsoft's cloud-based products are completely secure, but we now find that they are irresponsible with potentially sensitive data: why would a debugging environment not also be isolated? Why wasn't the source dump already archived offline? How many other attacks this year, like the Anonymous Sudan APT attacks in June-July, occurred because of this same issue? While Microsoft has said that the exploit in their systems used to generate the unauthorized signing keys has been fixed, how much longer until the next oversight occurs?
Our Thoughts
Our assessment of this whole situation is that something needs to change at "Big Tech" firms. Company standard operating procedures seem to be failing because marketers and accountants are running tech firms, where policies and procedures can be and are changed so that a task takes less time or costs less money, without taking into account the repercussions of doing so. We have historically loved Microsoft products, but must be mindful before currently recommending Big Tech's cloud products due to issues like those mentioned in this article. If Microsoft can clean up its act, we would be first in line to validate the change and start using their cloud products again.