
Groundhog Day in Redmond

On January 12th, Microsoft detected a significant cybersecurity breach (again), and disclosed it a week later, on January 19th. The company reported that a notorious Russian hacking group, Midnight Blizzard, aka Nobelium (also tracked as APT29), had infiltrated the corporate email accounts of some of its senior leaders, along with employees in its cybersecurity and legal functions.

The intrusion, which began in late November 2023, went unnoticed until January 12th, showcasing the stealth and persistence of the attackers, and how far right of bang we remain from a detection point of view, even among the cybersecurity “market leaders”.

Midnight Blizzard is a state-sponsored group, attributed by the US and UK governments to Russia’s Foreign Intelligence Service (SVR), and it gained access to a small but significant portion of Microsoft’s internal communications. This revelation came through a detailed post on Microsoft’s official blog. The company “clarified” that the attack was not due to any vulnerability in its products or services, but was rather a “sophisticated” cyberattack by the group.

When folks use the term “sophisticated” to describe a cyberattack, they are usually hiding facts: facts that, if disclosed, would reveal open and unattended weaknesses that a script kiddie could exploit. Microsoft also calls this attack a breach. Strictly, that term is reserved for events where data actually left the building, and in this case it fits: Microsoft’s own post says the actor exfiltrated some emails and attached documents from the affected mailboxes.

Been There; Done That

This is not the first instance of Midnight Blizzard making headlines. They were previously implicated in the 2020 SolarWinds supply-chain compromise, a series of high-profile intrusions that reached major US departments including the Treasury and Commerce, as well as the Pentagon and several Fortune 500 companies.

In a proactive move last August, Microsoft warned its users about phishing attempts disguised as Microsoft Teams chats, originating from the same group. The latest attack started with a password spray: instead of hammering one account with many guesses (which trips lockout thresholds), the attackers tried a handful of common passwords against many accounts, a few tries each. It worked against a legacy, non-production test tenant account that did not have multifactor authentication enabled; from there they used that account’s access to a legacy test OAuth application with elevated permissions into Microsoft’s corporate environment to read the mailboxes.
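The detection point in a spray is that per-account failure counters, the thing lockout policies watch, never get high; the signal is one source touching many distinct accounts in a short window. The following detector is an added example written for this post, not Microsoft’s own telemetry or tooling: the four-column log format, the sample sign-in lines and the thresholds (30-minute window, eight accounts, at most two failures per account) are all assumptions, and the log lines are constructed.

```python
"""Password-spray detector over sign-in log lines (added example).

A spray is "few guesses per account, many accounts": per-account failure
counters stay under the lockout threshold, so the signal lives in how many
DISTINCT accounts one source fails against inside a short window.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log, not real telemetry. One attempt per line:
# "<ISO-8601 timestamp> <source IP> <account> <SUCCESS|FAILURE>".
# 203.0.113.7 sprays ten accounts once each and lands on a neglected test
# account; 198.51.100.9 is a user mistyping their own password; 192.0.2.5
# brute-forces a single account (a different detection, not a spray).
SAMPLE_LOG = """\
2023-11-28T02:03:11Z 198.51.100.9 bob@corp.example FAILURE
2023-11-28T02:03:40Z 198.51.100.9 bob@corp.example FAILURE
2023-11-28T02:04:02Z 198.51.100.9 bob@corp.example SUCCESS
2023-11-28T02:10:00Z 203.0.113.7 user01@corp.example FAILURE
2023-11-28T02:11:00Z 203.0.113.7 user02@corp.example FAILURE
2023-11-28T02:12:00Z 203.0.113.7 user03@corp.example FAILURE
2023-11-28T02:13:00Z 203.0.113.7 user04@corp.example FAILURE
2023-11-28T02:14:00Z 203.0.113.7 user05@corp.example FAILURE
2023-11-28T02:15:00Z 203.0.113.7 user06@corp.example FAILURE
2023-11-28T02:16:00Z 203.0.113.7 user07@corp.example FAILURE
2023-11-28T02:17:00Z 203.0.113.7 user08@corp.example FAILURE
2023-11-28T02:18:00Z 203.0.113.7 user09@corp.example FAILURE
2023-11-28T02:19:00Z 203.0.113.7 legacy-test@corp.example FAILURE
2023-11-28T02:20:00Z 203.0.113.7 legacy-test@corp.example SUCCESS
2023-11-28T02:30:00Z 192.0.2.5 carol@corp.example FAILURE
2023-11-28T02:30:05Z 192.0.2.5 carol@corp.example FAILURE
2023-11-28T02:30:10Z 192.0.2.5 carol@corp.example FAILURE
2023-11-28T02:30:15Z 192.0.2.5 carol@corp.example FAILURE
"""


@dataclass
class Attempt:
    ts: datetime
    src: str
    account: str
    ok: bool


def parse(log: str) -> list:
    """Parse the four-column format above into Attempt records."""
    out = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, account, result = line.split()
        out.append(Attempt(datetime.fromisoformat(ts.replace("Z", "+00:00")),
                           src, account, result == "SUCCESS"))
    return out


def detect_spray(attempts, window=timedelta(minutes=30),
                 min_accounts=8, max_per_account=2):
    """Flag each source IP whose failures inside some `window` hit at least
    `min_accounts` distinct accounts with no more than `max_per_account`
    failures on any one of them. Thresholds are assumptions; tune per tenant."""
    by_src = defaultdict(list)
    for a in sorted(attempts, key=lambda a: a.ts):
        by_src[a.src].append(a)

    findings = {}
    for src, events in by_src.items():
        failures = [e for e in events if not e.ok]
        for i, first in enumerate(failures):
            in_window = [e for e in failures[i:] if e.ts - first.ts <= window]
            per_account = Counter(e.account for e in in_window)
            if (len(per_account) >= min_accounts
                    and max(per_account.values()) <= max_per_account):
                # Any success from the spraying source at or after the window
                # start is the account the spray most likely landed on.
                landed = sorted({e.account for e in events
                                 if e.ok and e.ts >= first.ts})
                findings[src] = {
                    "window_start": first.ts.isoformat(),
                    "accounts_targeted": len(per_account),
                    "compromised": landed,
                }
                break  # one finding per source is enough for triage
    return findings


if __name__ == "__main__":
    for src, finding in detect_spray(parse(SAMPLE_LOG)).items():
        print(src, finding)
```

Grouping by a single source IP is the simplest cut; an actor that spreads the spray across residential proxy addresses will stay under `min_accounts` per IP, so in practice you also group by user agent, client application and ASN, and you should treat the first success after a flagged window as an incident rather than a login.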

Password Re-Use: Bad.

With as many breaches as we have seen over the last two years, it is easy to harvest employee passwords from other hacked accounts, which most people re-use, and leverage those to break into Microsoft accounts. A spray makes the same bet at scale: guess the password that a lot of people picked, one try per account, and stay under the lockout counter.
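The defensive counterpart to the point above is to refuse, at set or reset time, any password that already appears in a leaked corpus, without ever sending the password (or its full hash) to the lookup service. The example below is added here and is not code from the post or from Microsoft; it implements the SHA-1 prefix k-anonymity scheme the Pwned Passwords range API uses, but against a constructed in-memory corpus, so the leaked list, the `min_len` policy and the function names are all assumptions.

```python
"""Screen a candidate password against a leaked-credential corpus using
SHA-1 prefix k-anonymity (added example; the corpus is constructed)."""
import hashlib
from collections import Counter, defaultdict

# Constructed corpus standing in for earlier breach dumps; repetition
# models how many leaked accounts used the same password.
LEAKED_PASSWORDS = ["Password1", "Password1", "Summer2023!", "Welcome123",
                    "letmein", "letmein", "letmein"]


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(passwords):
    """Server side: map 5-hex-char SHA-1 prefix -> {35-char suffix: count}."""
    index = defaultdict(Counter)
    for pw in passwords:
        digest = sha1_hex(pw)
        index[digest[:5]][digest[5:]] += 1
    return index


def range_lookup(index, prefix: str) -> dict:
    """Server side: answer a prefix query with every suffix filed under it.
    The server sees 20 bits of hash, never the full hash or the password."""
    return dict(index.get(prefix, {}))


def breach_count(password: str, index) -> int:
    """Client side: send only the prefix, match the suffix locally."""
    digest = sha1_hex(password)
    return range_lookup(index, digest[:5]).get(digest[5:], 0)


def accept_new_password(password: str, index, min_len: int = 14):
    """Policy hook for set/reset: reject leaked passwords first (the more
    important reason), then anything below the length floor."""
    seen = breach_count(password, index)
    if seen:
        return False, f"seen in {seen} leaked account(s); pick something never used before"
    if len(password) < min_len:
        return False, "too short"
    return True, "ok"


if __name__ == "__main__":
    idx = build_range_index(LEAKED_PASSWORDS)
    for candidate in ("Password1", "letmein", "correct horse battery staple"):
        print(candidate, accept_new_password(candidate, idx))
```

The same check belongs wherever a credential is born: the self-service reset flow, the helpdesk reset script, and the provisioning job that seeds test or service accounts, which is exactly the kind of account that never gets a second look.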

Reflecting on the incident, Microsoft emphasized the evolving nature of cyber threats, particularly those backed by nation-states. The company acknowledged the need for a revised approach to balance security with business risk. Yadayadayada.

Dive into Human Risk Management and stop re-using your old passwords.

Author

Steve King

Managing Director, CyberEd

King, an experienced cybersecurity professional, has served in senior leadership roles in technology development for the past 20 years. He has founded nine startups, including Endymion Systems and seeCommerce. He has held leadership roles in marketing and product development, operating as CEO, CTO and CISO for several startups, including Netswitch Technology Management. He also served as CIO for Memorex and was the co-founder of the Cambridge Systems Group.

