U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers

April 3, 2024 at 11:57AM

The U.S. Cyber Safety Review Board criticized Microsoft for security lapses leading to breaches in Europe and the U.S. The DHS found the breach preventable and faulted Microsoft for operational and strategic decisions. The breach occurred due to a validation error in Microsoft’s source code. Recommendations include modern control mechanisms and enhancing victim support mechanisms.

From the meeting notes, it is clear that the U.S. Cyber Safety Review Board (CSRB) has criticized Microsoft for security lapses that led to a breach affecting numerous companies. The breach was attributed to a China-based nation-state group called Storm-0558. The Department of Homeland Security (DHS) released findings pointing to preventable security failures and criticized Microsoft’s corporate culture for deprioritizing security investments.

The CSRB faulted Microsoft for not detecting the compromise on its own and for not prioritizing the development of an automated key rotation solution. The breach originated from a validation error in Microsoft’s source code, which allowed unauthorized access to multiple organizations and individual consumer accounts. Microsoft acknowledged that key material had been compromised, leading to unauthorized access to Outlook emails.

The CSRB recommended that cloud service providers implement modern control mechanisms, adopt minimum standards for default audit logging, incorporate emerging digital identity standards, and improve incident and vulnerability disclosure practices to safeguard against state-sponsored threats. Additionally, it called for an update to the Federal Risk and Authorization Management Program (FedRAMP) and for special reviews of Cloud Service Offerings following high-impact incidents.

The article also highlights Redmond’s expansion of free logging capabilities to U.S. federal agencies and statements from CSRB Acting Deputy Chair Dmitri Alperovitch regarding the threat actor responsible for the intrusion.
