DailyPost 2724
MICROSOFT – SOURCE CODE BREACH
There are no big and mighty as far as the hackers are concerned. Their job is to make everybody look proletarian and at the end of it show then as not competent enough to defend their resources, creating doubts on the company and also the whole sector to keep its house in order. Microsoft Office Suite was one of most attacked software, but that was on the customer facing side and most of the attacks were localized and did raise any doubts on the cyber security stance of the company and did not impact is growth trajectory. This is company is valued in the range of $3 trillion today.
Microsoft has been trying to bolster its software security in the wake of severe Azure cloud breaches. Attacks of this nature throw doubts on cloud security as it is the second most valued company globally. It has also seen compromise of 30,000 organizations’ email servers due to a flaw in Microsoft Exchange Server. Another embarrassing breach for the company was when Chinese hackers breached US government mails via Microsoft cloud exploit. As if all this was not enough now, we have an security breach incident headline stating, “Microsoft discloses source code theft by Russian hackers.”
Microsoft’s woes don’t seem to end anytime in the near future. Microsoft in a shocking revelation made known to the world that the same group responsible for the infamous SolarWinds attack, penetrated into its systems again, ending up in the theft of source code. Source code is the ultimate software asset and it the most valued for any company. Microsoft has seen evidence that Midnight Blizzard has used earlier infiltrated information to gain or attempt to gain unauthorized access. Beyond email infiltration by this breach the hacker gained access to certain source code repositories and internal systems.
Midnight Blizzard used a password spray attack, a brute force method, exploited a vulnerability is Microsoft systems. “Exploiting a non-production tenant account lacking two factor authentication, Nobelium gained entry into Microsoft’s networks. As expected, Microsoft has ramped up its security measures and investments. Vigilance across the enterprise has been increased. The aim is to have enhanced ability to defend the enterprise. To reach this goal the exercise which is to secure and harden the software / systems environment, against any advanced persistent threat of this nature. It is a testing time for the company for sure.
CYBER SECURITY NEEDS ACROSS ENTERPRISE COLLABORATION THAT DOES NOT SEEM TO BE ON THE ANVIL.
Sanjay Sahay
Have a nice evening.