It has emerged that senior executives at Microsoft had their emails hacked and monitored by Russian threat actors for nearly 2 months.
Microsoft network breached through password-spraying by Russian-state hackers | Ars Technica
The attack was not sophisticated. The threat actors – Midnight Blizzard – used nothing more than a publicly available list of email addresses and sprayed the M365 logins for those addresses with a password list. The account that was using a weak password and no MFA was breached. Once in, the attackers exploited the account's associated privileges, and it appears that this account had too many privileges!
This has happened before at Microsoft!
Microsoft finally explains cause of Azure breach: An engineer’s account was hacked | Ars Technica
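A password spray like the one described above shows up in sign-in logs as one source failing against many different accounts with only a few guesses at each. The following Python is an added example, not part of the original article or any Microsoft tooling; the log records, account names, addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records: (timestamp, source IP, account, outcome).
# Addresses are documentation ranges; account names are hypothetical.
SPRAY_TARGETS = ["alice", "bob", "carol", "dave", "erin", "test-legacy"]
SAMPLE_EVENTS = [
    # One source tries a single password per account, minutes apart.
    *[(f"2024-01-10T09:{5 * i:02d}:00", "203.0.113.7", f"{u}@example.com", "failure")
      for i, u in enumerate(SPRAY_TARGETS)],
    # A later pass succeeds on the account with a weak password and no MFA.
    ("2024-01-10T09:40:00", "203.0.113.7", "test-legacy@example.com", "success"),
    # Ordinary user mistypes a password, then signs in.
    ("2024-01-10T09:12:00", "198.51.100.20", "alice@example.com", "failure"),
    ("2024-01-10T09:12:30", "198.51.100.20", "alice@example.com", "success"),
    # Many guesses against one account: brute force, not a spray.
    *[(f"2024-01-10T10:00:{i:02d}", "192.0.2.44", "bob@example.com", "failure")
      for i in range(10)],
]

def detect_spray(events, window=timedelta(minutes=30),
                 min_accounts=5, max_per_account=3):
    """Flag sources that fail against many accounts with few tries on each.

    Grouping by source IP is an assumption of this example; a spray spread
    over many addresses needs grouping on another field.
    """
    by_source = defaultdict(list)
    for ts, src, user, outcome in events:
        by_source[src].append((datetime.fromisoformat(ts), user, outcome))

    findings = []
    for src, rows in by_source.items():
        rows.sort()
        failures = [(t, u) for t, u, o in rows if o == "failure"]
        for i, (start, _) in enumerate(failures):
            counts = defaultdict(int)  # failed attempts per account in window
            for t, u in failures[i:]:
                if t - start > window:
                    break
                counts[u] += 1
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                # Any success from the same source after the spray began
                # marks an account to treat as compromised.
                hits = sorted({u for t, u, o in rows if o == "success" and t >= start})
                findings.append({"source": src, "accounts_tried": len(counts),
                                 "compromised": hits})
                break
    return findings
```
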
Your Takeaway
- Manage all the accounts associated with your organisation – not just your Microsoft accounts.
- Enforce the “principle of least privilege”.
- Read my Password Primer and implement steps to improve your organisation’s password policies.
- …do not forget about MFA. I have a primer for that as well.
- Get help and advice if you cannot do this yourselves.
Clive Catton MSc (Cyber Security) – by-line and other articles
Please Note:
I am on leave so the news this week is “in brief”. You can still contact me via the contact page and Octagon Technology.