DailyPost 2837
MICROSOFT HACKED!
There are a couple of cyber world truisms we will start with, the first being hacking is the new normal. It’s just a matter of time. Now Microsoft is also on the chopping block. The second truism is that the a hack gets known long after it has actually happened. And third is the company / enterprise that is hacked remains economical with the truth both on the impact of the hack and on the nature of efforts being made to set it right. Primarily, you can call it damage control. In this very same exercise, Microsoft has informed customers that Russian hackers spied on emails.
The three main events of a cyber attack have a long gap between them and that is turning out to be a major handicap to move in the right direction and that too fast. See in the Microsoft case, the company first disclosed the intrusion around six months back and now on last Thursday told customers emails were stolen. This might not be the final disclosure. The tragedy is that the exact dates of intrusion still remains unknown. Breach to detection time imbroglio. This is the Pandora’s box which they are trapped into. The current disclosure is that the hackers who broke into Microsoft’s systems and spied on staff inboxes also stole email from its customers.
It has to be presumed that transparency has been maintained in the public pronouncements and that it has not been a calibrated release of information to bring down the impact of the hack. Now the breadth of the breach is known. All this leaves the company facing increasing regulatory scrutiny. The issue revolves around the security of Microsoft’s software and systems against foreign threats. Last year too, Microsoft was breached in which allegedly a Chinese hacking group stole thousands of US government emails. It is a messy world both for the hacker and the hacked.
The Russian government has not responded to this revelation. Microsoft said that the hackers targeted cybersecurity researchers who had been investigating the hacking group. The customers who corresponded with Microsoft corporate email accounts exfiltrated by the Midnight Blizzard threat actor have been informed. What is fascinating is that there in no information in the public domain on how many customers had been impacted and / or how many emails have been stolen. In January, Microsoft has told a very small number of company’s corporate email accounts were accessed. It said four months later that those hackers were still trying to break in, making many question why Microsoft’s systems remained vulnerable.
MICROSOFT BREACH YET AGAIN PROVES EVERYTHING IS BREACHABLE.
Sanjay Sahay
Have a nice evening.