Tag Archive for: microsoft

Scathing federal report rips Microsoft for response to Chinese hack

/in


BOSTON — 

In a scathing indictment of Microsoft corporate security and transparency, a Biden administration-appointed review board issued a report Tuesday saying “a cascade of errors” by the tech giant let state-backed Chinese cyber operators break into email accounts of senior U.S. officials including Commerce Secretary Gina Raimondo.

The Cyber Safety Review Board, created in 2021 by executive order, describes shoddy cybersecurity practices, a lax corporate culture and a lack of sincerity about the company’s knowledge of the targeted breach, which affected multiple U.S. agencies that deal with China.

It concluded that “Microsoft’s security culture was inadequate and requires an overhaul” given the company’s ubiquity and critical role in the global technology ecosystem. Microsoft products “underpin essential services that support national security, the foundations of our economy, and public health and safety.”

The panel said the intrusion, discovered in June by the State Department and dating to May, “was preventable and should never have occurred,” and it blamed its success on “a cascade of avoidable errors.” What’s more, the board said, Microsoft still doesn’t know how the hackers got in.

The panel made sweeping recommendations, including urging Microsoft to put on hold adding features to its cloud computing environment until “substantial security improvements have been made.”

It said Microsoft’s CEO and board should institute “rapid cultural change,” including publicly sharing “a plan with specific timelines to make fundamental, security-focused reforms across the company and its full suite of products.”

In a statement, Microsoft said it appreciated the board’s investigation and would “continue to harden all our systems against attack and implement even more robust sensors and logs to help us detect and repel the cyber-armies of our adversaries.”

In all, the state-backed Chinese hackers broke into the Microsoft Exchange Online email of 22 organizations and more than 500 individuals around the world — including the U.S. ambassador to China, Nicholas Burns — accessing some cloud-based email boxes for at least six weeks and downloading some 60,000 emails from the State…

Source…

Scathing federal report rips Microsoft for shoddy security, insincerity in response to Chinese hack, ET Telecom

/in


Boston: In a scathing indictment of Microsoft corporate security and transparency, a Biden administration-appointed review board issued a report Tuesday saying “a cascade of errors” by the tech giant let state-backed Chinese cyber operators break into email accounts of senior US officials including Commerce Secretary Gina Raimondo. The Cyber Safety Review Board, created in 2021 by executive order, describes shoddy cybersecurity practices, a lax corporate culture and a lack of sincerity about the company’s knowledge of the targeted breach, which affected multiple US agencies that deal with China. It concluded that “Microsoft’s security culture was inadequate and requires an overhaul” given the company’s ubiquity and critical role in the global technology ecosystem. Microsoft products “underpin essential services that support national security, the foundations of our economy, and public health and safety.”

The panel said the intrusion, discovered in June by the State Department and dating to May “was preventable and should never have occurred,” blaming its success on “a cascade of avoidable errors.” What’s more, the board said, Microsoft still doesn’t know how the hackers got in.

The panel made sweeping recommendations, including urging Microsoft to put on hold adding features to its cloud computing environment until “substantial security improvements have been made.”

It said Microsoft’s CEO and board should institute “rapid cultural change” including publicly sharing “a plan with specific timelines to make fundamental, security-focused reforms across the company and its full suite of products.”

In a statement, Microsoft said it appreciated the board’s investigation and would “continue to harden all our systems against attack and implement even more robust sensors and logs to help us detect and repel the cyber-armies of our adversaries.”

In all, the state-backed Chinese hackers broke into the Microsoft Exchange Online email of 22 organisations and more than 500 individuals around the world including the US ambassador to China, Nicholas Burns – accessing some cloud-based email boxes for at least six weeks and downloading some…

Source…

DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack

/in


Mar 14, 2024NewsroomMalware / Cyber Attack

Microsoft Flaw in Zero-Day Attack

A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers.

“During this campaign, users were lured using PDFs that contained Google DoubleClick Digital Marketing (DDM) open redirects that led unsuspecting victims to compromised sites hosting the Microsoft Windows SmartScreen bypass CVE-2024-21412 that led to malicious Microsoft (.MSI) installers,” Trend Micro said.

CVE-2024-21412 (CVSS score: 8.1) concerns an internet shortcut files security feature bypass vulnerability that permits an unauthenticated attacker to circumvent SmartScreen protections by tricking a victim into clicking on a specially crafted file.

It was fixed by Microsoft as part of its Patch Tuesday updates for February 2024, but not before it was weaponized by a threat actor called Water Hydra (aka DarkCasino) to deliver the DarkMe malware in attacks targeting financial institutions.

The latest findings from Trend Micro show that the vulnerability has come under broader exploitation than previously thought, with the DarkGate campaign leveraging it in conjunction with open redirects from Google Ads to proliferate the malware.

Cybersecurity

The sophisticated attack chain begins with victims clicking on a link embedded within a PDF attachment sent via a phishing email. The link deploys an open redirect from Google’s doubleclick[.]net domain to a compromised web server hosting a malicious .URL internet shortcut file that exploits CVE-2024-21412.

Specifically, the open redirects are designed to distribute fake Microsoft software installers (.MSI) masquerading as legitimate software, such as Apple iTunes, Notion, NVIDIA, which come fitted with a side-loaded DLL file that decrypted and infected users with DarkGate (version 6.1.7).

It’s worth noting that another now-fixed bypass flaw in Windows SmartScreen (CVE-2023-36025, CVSS score: 8.8) has been employed by threat actors to deliver DarkGate, Phemedrone Stealer, and Mispadu over the past few months.

The abuse of Google Ads technologies allows threat actors to increase the reach and scale of their attacks through different ad…

Source…

How Not to Become the Target of the Next Microsoft Hack

/in


COMMENTARY

The cybersecurity landscape, particularly within the Microsoft 365 ecosystem, constantly evolves. Recent incidents involving major tech companies and cybersecurity firms highlight a critical reality: Understanding security best practices for Microsoft 365 differs from implementing them effectively.

Kaspersky reports that 2023 saw a 53% increase in cyber threats targeting documents, including Microsoft Office documents, daily. Attackers tended to use riskier strategies, like breaking into systems covertly through backdoors. In one instance, a non-production test account lacking multifactor authentication (2FA/MFA) was exploited, while in another, a backdoor was added to a file, leading to a supply chain attack.

These incidents serve as stark reminders that even low-risk accounts and trusted updates within Microsoft 365 can become vectors for security breaches if they’re not adequately protected and monitored. Despite organizations’ deep expertise, those targeted organizations fell victim to advanced cyberattacks, emphasizing the crucial need for diligent application of security measures within the Microsoft 365 space.

The Role of AI in Governance

Artificial intelligence (AI) has grown tremendously over the past few years, and it can now be found in almost every facet of technology. In this transformative era of AI and large language models (LLMs), advanced AI models can be leveraged to enhance cloud security measures. AI is more than on its way to becoming standard practice, and organizations have no choice but to embrace it. By fine-tuning AI algorithms for expert domain knowledge, AI can provide organizations with actionable insights and predictive capabilities to proactively identify and address potential security threats before they become an issue. These kinds of proactive strategies empower organizations to safeguard their digital assets effectively.

On the other hand, AI also increases the need for heightened cloud security. Just as the good guys are using AI to advance technology practices, hackers also use AI to uncover new organizational vulnerabilities and develop more sophisticated attacks. Open source LLM models available on the Internet can be leveraged to…

Source…