Microsoft reported a cyber incident yesterday. The attack used a password spray attack to gain access to a legacy non-production test tenant. The attacker then got access to email accounts of Microsoft employees, including those of senior leadership members. This raises many questions of course, but more interestingly it impacts the security decision making in Microsoft, and we should all take a good look at this in our organisations. From the Microsoft blog: “As we said late last year when we announced Secure Future Initiative (SFI), given the reality of threat actors that are resourced and funded by nation states, we are shifting the balance we need to strike between security and business risk – the traditional sort of calculus is simply no longer sufficient. For Microsoft, this incident has highlighted the urgent need to move even faster. We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes.” https://lnkd.in/eP4zdZna
Hi Martijn, as always, thank you for sharing your insights. Business before security: do you believe this will change due to incidents like this, or that we as a security industry will mature and will improve our articulation of the business risk (instead of using fear always)? Looking forward to your view here to understand what we as security leaders can do.
Reflecting on Dr. Martijn Dekker's insightful post about the Midnight Blizzard breach at Microsoft, a few critical points stand out: Basics are Crucial: The simple password spray attack leading to the breach is a stark reminder to always reinforce basic security in our systems. Know Your Enemy: The involvement of a nation-state actor highlights the need for advanced understanding and preparation against sophisticated cyber threats. Security First: Microsoft's decision to prioritize security enhancements, even at the cost of convenience, aligns with my belief that security must be our top priority. A Note for Businesses: This breach is a clear warning for businesses of all sizes to strengthen password security and invest in regular cybersecurity training. Beyond Technology: This incident reinforces that effective cybersecurity involves people and processes, not just technology!
As the proverbial saying goes, Security enables business, and therefore, business takes precedence. With this incident and maybe more on the horizon, it's clear we need to lean more towards making security a top priority. It's about making smart decisions from the top to keep the business going while still putting security first.
Lots of attention on who did it, almost suggesting a sort of asymmetric situation. Little attention on the seemingly simple way of exploitation. Below standard security, that is what it smells like. And... then the step to the compromised accounts is also dodgy.
This could happen to any organization. However, because Microsoft is also a vital security vendor, it will be challenging to excuse these blunders.
Thanks for sharing, Martijn.
I’m very interested in the response from MS; password spray would infer a password was known or somehow retrieved and then reused. And also that this non-prod environment was externally exposed. Maybe I’m missing something?