In an unprecedented event, Microsoft Azure experienced a significant cyberattack, resulting in the compromise of numerous executive accounts and a substantial data leak. This marks a first in Microsoft’s history.
Proofpoint reports that the attackers employed malicious tactics identified in November 2023. These tactics encompassed phishing-based credential theft and cloud account takeover (CTO), enabling the attackers to infiltrate both Microsoft 365 and Office Home applications.
The attack’s success can be attributed to the use of deceptive links embedded within documents. These links, labeled as “View Document”, redirected users to phishing sites, leading to the widespread compromise of accounts.
Unsurprisingly, the link text raised no alarms. To conceal their whereabouts and overcome geographical limitations, it’s likely that the hackers utilized proxy services.
“It is believed that accessing these accounts would give them wider access to everything across the organization.”
While critical user data was indeed compromised, the primary targets of the attack were mid-level and senior executives, including financial directors, operations vice presidents, presidents, sales directors, account managers, and CEOs.
The attack’s main objectives were identified as financial fraud and data theft. The situation was further complicated when the hackers potentially tampered with the multi-factor authentication system upon gaining access.
This could mean that they either altered the recovery phone number to prolong the user lockout or installed an authenticator app to permanently exclude the original account owner. Further details regarding the attack’s impact are still forthcoming.
The attackers have been traced back to groups in Russia and Nigeria. However, this is merely an assumption based on their usage of local fixed-line ISPs in these countries. The remaining details are yet to be uncovered.
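For defenders, the pattern described above (a sign-in from an unfamiliar location followed shortly by a change to the account's MFA methods) can be checked by correlating sign-in and MFA-change logs. The sketch below is an added example, not code from Proofpoint or Microsoft; the event schema, field names, the placeholder country code "XX" and the 24-hour window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events in a simplified, hypothetical schema (not a real
# Microsoft log format). Map your identity provider's log fields onto these keys.
SIGN_INS = [
    {"user": "cfo@example.com", "time": "2024-01-10T08:02:00", "country": "CA", "ok": True},
    {"user": "cfo@example.com", "time": "2024-01-12T03:14:00", "country": "XX", "ok": True},
    {"user": "vp.ops@example.com", "time": "2024-01-12T09:00:00", "country": "CA", "ok": True},
]
MFA_CHANGES = [
    {"user": "cfo@example.com", "time": "2024-01-12T03:21:00", "change": "authenticator_app_added"},
    {"user": "vp.ops@example.com", "time": "2024-01-12T09:30:00", "change": "phone_number_changed"},
    {"user": "cfo@example.com", "time": "2024-01-20T10:00:00", "change": "phone_number_changed"},
]
# Countries each user normally signs in from (assumed to come from history).
BASELINE = {"cfo@example.com": {"CA"}, "vp.ops@example.com": {"CA"}}


def suspicious_mfa_changes(sign_ins, mfa_changes, baseline, window=timedelta(hours=24)):
    """Flag MFA changes made within `window` after a successful sign-in
    from a country outside the user's baseline."""
    unusual = {}  # user -> [(sign-in time, country)]
    for s in sign_ins:
        # A user with no baseline is treated as unusual everywhere.
        if s["ok"] and s["country"] not in baseline.get(s["user"], set()):
            when = datetime.fromisoformat(s["time"])
            unusual.setdefault(s["user"], []).append((when, s["country"]))

    alerts = []
    for c in mfa_changes:
        changed_at = datetime.fromisoformat(c["time"])
        for signed_in_at, country in unusual.get(c["user"], []):
            gap = changed_at - signed_in_at
            if timedelta(0) <= gap <= window:
                alerts.append({
                    "user": c["user"],
                    "change": c["change"],
                    "sign_in_country": country,
                    "minutes_after_sign_in": int(gap.total_seconds() // 60),
                })
                break  # one alert per MFA change
    return alerts


if __name__ == "__main__":
    for alert in suspicious_mfa_changes(SIGN_INS, MFA_CHANGES, BASELINE):
        print(alert)
```

Because the attackers are believed to have used proxy services, country alone is a weak signal; the same correlation works with other sign-in attributes such as device or network.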
Microsoft’s Inadequate Security Measures
In August of the previous year, Amit Yoran, the CEO of cybersecurity firm Tenable, criticized Microsoft for its inadequate security protocols. He described the company’s cybersecurity history as ‘far worse than one might imagine.’
Yoran further highlighted Microsoft’s ‘consistent pattern of lax cybersecurity practices,’ which have repeatedly resulted in numerous data breaches. These breaches have impacted individuals and organizations alike, even enabling the Chinese government to conduct surveillance on the US government and its citizens.
“These attacks not only affected 25 organizations but also led to the theft of sensitive emails from US government officials.”
Yoran even provided an example to substantiate his claims. On July 12, Microsoft disclosed another Azure data breach, allegedly perpetrated by Chinese hackers.
The severity of the attack prompted Senator Ron Wyden (D-OR) to pen a letter to the US Department of Justice, calling for Microsoft to be held accountable.
Moreover, Yoran reportedly uncovered an additional security vulnerability in Microsoft’s system and alerted the company. However, he claimed that it took Microsoft 90 days to address the issue, and even then, only a partial fix was released that would safeguard newly downloaded apps. The problem was promptly resolved after Yoran publicized it online.
Security breaches are becoming increasingly prevalent not just at Microsoft, but at numerous other tech companies. This has led the US government to mandate that companies be more transparent about their security issues and disclose significant data breaches.
Cybersecurity is a vital aspect of any business
At NUMENTIS, we offer a range of cybersecurity solutions that can help you safeguard your data, systems, and reputation. Whether you need managed IT services, cloud services, VoIP, or cybersecurity solutions, we have the expertise and the tools to meet your needs. We can help you design, implement, and support your IT infrastructure, ensuring that it is highly available, securely protected, and optimized for maximum performance.
Don’t let cyber threats put your business at risk. Contact us today and get a free consultation on how we can help you secure your business. We are a Canadian-owned Managed Services provider that has been serving clients in Mississauga, Toronto, Oakville, and beyond for over 20 years. We are committed to providing you with the best service and the best results. Don’t wait, get in touch with us today and let us help you defend your business from cyber attacks.