Microsoft Is Latest Cyber Attack Victim -- Redmondmag.com

The Schwartz Report

Microsoft Is Latest Cyber Attack Victim

Microsoft joined a large parade of organizations to announce they are victims of hackers who've infiltrated and infected their systems with malware and/or stole data.

In recent weeks, The New York Times, Wall Street Journal, NBC News, Apple, Facebook and Twitter are just a handful to come out and say they've been hit. In a blog post late Friday, Matt Thomlinson, Microsoft's general manager for trustworthy computing security, revealed the attack it sustained was similar to those that hit Apple and Facebook. He said there was no evidence that customer data was stolen. Here's what he said:

"As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion.

Consistent with our security response practices, we chose not to make a statement during the initial information gathering process. During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing.

This type of cyberattack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries (see our prior analysis of emerging threat trends). We continually re-evaluate our security posture and deploy additional people, processes, and technologies as necessary to help prevent future unauthorized access to our networks."

Indeed the growing admissions by customers beg the question: Are we under siege more than we have been in the past? Or are companies putting aside their concern that such admissions are embarrassing and risk other liabilities, in order to ensure they are compliant with regulations that govern them? It's no doubt a combination of both.

When President Obama announced his cyber security directive earlier this month in his State of the Union Address, many IT security experts may have rolled their eyes, but it nevertheless appears to have raised the profile of the growing cyber threats and the urgency for organizations to work with the government without compromising customer privacy. It will be interesting to hear what Microsoft's corporate VP for trustworthy computing Scott Charney has to say in his RSA keynote address tomorrow.

Regarding Obama's cyber security directive, Charney echoed concerns that there needs to be a balance between cooperating and maintaining flexibility. In a Feb. 14 blog post two days after Obama's directive, here's what Charney had to say:

"It will remain important that government and industry work together to manage carefully the most significant risks to our most critical infrastructures. To that end, we must remain focused on the desired security outcomes and recognize that owners and operators of critical infrastructures must retain the flexibility to manage risks with agility, implementing practices and controls that are both practical and effective. Continued collaboration between the government and the private sector will be essential in ensuring the success of this Executive Order"

It's clear that the sophistication and determination of cyber attackers continues to rise dramatically. A months-long investigation by The Times last week alleges the origin of a spate of attacks coming from the Chinese military, a charge its government vehemently denies despite a deep trove of evidence pointing its way including a 76-page report from the cyber security consultancy Mandiant, based on extensive research.

Today The Times reported that in wake of President Obama's directive and the latest allegations, the administration is treading carefully not to call anyone out noting the sensitivities of challenging China's new president Xi Jinping. Equally sensitive are other purported purveyors of such attacks, such as those from Iran and Russia.

Nevertheless, the latest report "...illustrates how different the worsening cyber-cold war between the world's two largest economies is from the more familiar superpower conflicts of past decades -- in some ways less dangerous, in others more complex and pernicious."

No doubt this will take center stage at this week's annual RSA Conference 2013 and we'll be keeping you abreast on what you can do to protect yourself from the growing threats.

Posted by Jeffrey Schwartz on 02/25/2013 at 4:59 PM

Featured

Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.
What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.