For the first time in the history of Microsoft, a cyberattack has left hundreds of executive accounts compromised and caused a major user data leak as Microsoft Azure was attacked.
According to Proofpoint, the hackers use the malicious techniques that were discovered in November 2023. It includes credential theft through phishing methods and cloud account takeover (CTO) which helped the hackers gain access to both Microsoft365 applications as well as OfficeHome.
every day i lose my mind a little more at how much trust hundreds of thousands of companies across the world place in third parties like microsoft to handle literally all of their sensitive data, as if that could be a good idea in any universe
Not just companies. Governments. I know of entire governmental departments that run exclusively off of a M$ environment. People who deal with capital C Confidential information are backing it up into OneDrive. It’s lunacy.
While I don’t disagree it’s dangerous, most companies handling their own data would likely do a lot worse, just with smaller chance of being targeted.
That’s a fair point to be honest but it would mean more job openings for me, so… /j
The reason why so many people fell for this attack was because it was carried out through malicious links embedded in documents. These links led to phishing websites but the anchor text of these links was “View Document”. Naturally, no one was suspicious of a text like that.
On one hand, I know we shouldn’t blame people for falling for this stuff. People are often not educated well enough on the dangers and it’s not reasonable to expect it. We should build things to be systematically secure even in the face of people falling for phishing.
On the other hand it’s difficult not to be frustrated with this kind of thing… People really should know better than clicking random links and typing their password.
Azure products ask you for your identity and signin a lot. Honestly, I’m asked to log in again at least once every 24 hours. That’s assuming I don’t traverse some sort of service wall where I’m now in a different system after clicking a link.
I do cloud engineering for a living, and I would probably fall for at least some phishing things around Azure, specifically because azure identity management is so obtuse and constantly asking for things.
It’s absolutely on the system that Microsoft designed , and the practices they encourage, and the mitagations that apparently don’t exist.
Thank you. Security verification has become so cumbersome that people just try to push through without thinking.
