Microsoft draws scrutiny over the SolarWinds hacking campaign

Boston (AP) — The vast, months-long hacking campaign now considered a serious threat to U.S. national security became known as SolarWinds, after the company whose software updates a Russian intelligence agency secretly seeded with malware to infiltrate sensitive government and private networks.

Yet it was Microsoft's products that the cyberspies relentlessly abused during the campaign's second phase, rifling through the email and other files of high-value targets such as then-acting Homeland Security Secretary Chad Wolf and moving across victims' networks without being detected.

That has drawn attention to the world's third most valuable company. Its products are a de facto monoculture across government and industry, with more than 85% market share, and federal lawmakers say Microsoft should build security in from the start rather than leave taxpayers to pay for hasty upgrades to what they already own.

To ease those concerns, Microsoft last week offered all federal agencies a year of "advanced" security features at no extra charge. But it has also deflected criticism by saying that customers do not always prioritize security.

On Thursday the Biden administration imposed sanctions on six Russian IT companies it said support the Kremlin's hacking. The most prominent was Positive Technologies, one of more than 80 companies to which Microsoft gives early access to data on vulnerabilities found in its products. After the sanctions were announced, Microsoft said Positive Technologies was no longer in the program and removed its name from the list of participants on its website.

The SolarWinds hackers took advantage of what George Kurtz, CEO of the cybersecurity firm CrowdStrike, has called "systematic weaknesses" in key elements of Microsoft's code to compromise at least nine U.S. government agencies, including the Justice and Treasury departments, and more than 100 private-sector companies and think tanks, among them software and telecommunications providers.

The SolarWinds hackers' abuse of Microsoft's identity and access architecture, which verifies users' identities and grants access to email, documents and other data, did the most dramatic damage, the nonpartisan Atlantic Council think tank said in a report. It is what made the hack stand out as an "extensive intelligence coup." In nearly every case of post-intrusion mischief, the intruders quietly moved through Microsoft products, "vacuuming up emails and files from dozens of organizations."

The intruders were able to hop between organizations, or move laterally, thanks in part to the carte blanche that victims' networks granted the infected SolarWinds network-management software in the form of administrator privileges. They used it to sneak into the cybersecurity firm Malwarebytes and the email-security company Mimecast.

A "hallmark" of the campaign was the intruders' ability to impersonate legitimate users and create counterfeit credentials, Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency, told a congressional hearing in mid-March. "It was all because they broke the system that manages trust and identity on the network," he said.

Microsoft President Brad Smith told a congressional hearing in February that only 15% of victims were hit through an authentication vulnerability first identified in 2017, one that lets an intruder impersonate an authorized user by creating something akin to a forged passport.
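The forged-credential pattern Wales and Smith describe has a simple detection idea behind it: a token that the cloud tenant accepted but that the organization's own identity provider never recorded issuing, or one whose validity is far longer than policy allows, should not exist. The following is an added illustration, not code from the article or from Microsoft; the log format, field names and the one-hour lifetime policy are assumptions made for this example, and the log lines are constructed.

```python
"""Correlate cloud sign-ins against the on-premises identity provider's
token-issuance log to flag tokens the IdP never issued (forged credentials).

Constructed sample data and an assumed key=value log format, chosen for this
example only; they are not the schema of any real product."""
from datetime import datetime, timedelta, timezone

# Constructed sample: what the on-premises federation server (the IdP) recorded issuing.
IDP_ISSUANCE_LOG = """\
2020-12-10T14:01:02Z token=tk-1001 user=alice@example.gov
2020-12-10T14:04:40Z token=tk-1002 user=carol@example.gov
"""

# Constructed sample: what the cloud tenant recorded accepting (lifetime in seconds).
CLOUD_SIGNIN_LOG = """\
2020-12-10T14:01:30Z token=tk-1001 user=alice@example.gov lifetime=3600
2020-12-10T14:05:00Z token=tk-1002 user=bob@example.gov lifetime=3600
2020-12-10T22:15:00Z token=tk-9f3a user=admin.svc@example.gov lifetime=31536000
"""

MAX_LIFETIME = timedelta(hours=1)   # assumed policy: a token may be valid for at most one hour
CLOCK_SKEW = timedelta(minutes=5)   # tolerance between IdP and cloud clocks


def parse_log(text):
    """Parse 'TIMESTAMP key=value ...' lines into dicts with a UTC datetime."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        ev = {"time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)}
        for field in fields:
            key, _, value = field.partition("=")
            ev[key] = value
        events.append(ev)
    return events


def find_suspect_signins(idp_log, cloud_log):
    """Return {token_id: [reasons]} for cloud sign-ins that do not reconcile
    with an IdP issuance event or that violate the lifetime policy."""
    issued = {e["token"]: e for e in parse_log(idp_log)}
    findings = {}
    for s in parse_log(cloud_log):
        reasons = []
        lifetime = timedelta(seconds=int(s["lifetime"]))
        # Forged tokens are typically minted with very long validity.
        if lifetime > MAX_LIFETIME:
            reasons.append(f"lifetime {lifetime} exceeds policy maximum {MAX_LIFETIME}")
        iss = issued.get(s["token"])
        if iss is None:
            # The cloud accepted a token the IdP has no record of issuing.
            reasons.append("no issuance event on the IdP for this token")
        else:
            if iss["user"] != s["user"]:
                reasons.append(f"subject {s['user']} differs from IdP issuance for {iss['user']}")
            age = s["time"] - iss["time"]
            if age < -CLOCK_SKEW or age > lifetime + CLOCK_SKEW:
                reasons.append("token used outside its issuance window")
        if reasons:
            findings[s["token"]] = reasons
    return findings


if __name__ == "__main__":
    for token, reasons in find_suspect_signins(IDP_ISSUANCE_LOG, CLOUD_SIGNIN_LOG).items():
        print(token, "->", "; ".join(reasons))
```

In the constructed data, tk-1001 reconciles cleanly, tk-1002 was issued for one user and presented by another, and tk-9f3a has a year-long lifetime and no issuance record at all. The check only works if the IdP's issuance log is actually collected and retained, which is the point the lawmakers quoted below make about logging defaults.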

Microsoft officials have stressed that the SolarWinds update was not always the point of entry; intruders also exploited weaknesses such as weak passwords and the absence of multi-factor authentication at victims' organizations. But critics say the company has cut corners on security. Sen. Ron Wyden, a Democrat, has chastised Microsoft for not providing federal agencies, at least in the default offering, the level of "event logging" that would have given responders a record of what the intruders did, what they saw and what they took, had they detected the SolarWinds hack while it was underway.

"Microsoft chooses the default settings in the software it sells, and even though the company has known for years about the hacking technique used against U.S. government agencies, it did not set the logging defaults to capture the information needed to identify hacks in progress," Wyden said. He was not the only one complaining.

When Microsoft announced on Wednesday a year of free security logging for federal agencies, a feature it normally charges extra for, Wyden was not mollified.

"This move falls far short of what is needed to make up for Microsoft's recent failures," he said in a statement. "The government will still not be able to access important security features without giving even more money to the same company that created this cybersecurity sinkhole."

Rep. Jim Langevin, D-R.I., pressed Smith on the security-log upsell in February, likening it to making seat belts and airbags optional extras on a car when they should be standard. He gave Microsoft a year's grace but said the longer-term conversation would have to be about making logging "not a profit center." "This buys us a year," he said.

Even the most thorough logging, however, does not prevent intrusions. It only makes them easier to detect.

And, as many security professionals note, Microsoft itself was compromised by the SolarWinds intruders, who accessed some of its source code, the crown jewels. Its full suite of security products, and some of the industry's most skilled cyber-defense specialists, failed to detect the ghosts in the network. It was FireEye, the cybersecurity firm that first detected the hacking campaign in mid-December, that raised the alarm about its own breach.

The intruders in an unrelated hack of Microsoft Exchange email servers disclosed in March, blamed on Chinese spies, used an entirely different method of infection. But they, too, quickly gained high-level access to users' email and other information.

Microsoft's investment in security is widely recognized across the industry. It is often the first to identify major cybersecurity threats, and its visibility into networks is excellent. But many argue that, as a major vendor of security solutions for its own products, it should face more scrutiny over how much it stands to profit from defending them.

"At the heart of it, Microsoft sells you the sickness and the cure," said Marc Maiffret, a cybersecurity veteran who built a career on finding vulnerabilities in Microsoft products and who has a new startup called BinMave. Reuters reported last month that a draft spending plan earmarked $150 million for Microsoft for a "secure cloud platform" out of the $650 million allocated to the Cybersecurity and Infrastructure Security Agency in last month's $1.9 trillion pandemic relief bill.

A Microsoft spokesperson referred questions to the cybersecurity agency and would not say how much money it might receive. Agency spokesman Scott McConnell would not say either. Langevin said he did not believe a final decision had been made.

In the budget year that ended in September, the federal government spent more than $500 million on Microsoft software and services.

Many security experts believe that Microsoft's single sign-on model, which favors user convenience over security, is ripe for abuse by the state-backed hackers who routinely rampage across U.S. networks.

Alex Weinert, Microsoft's director of identity security, said the company offers customers a variety of ways to strictly limit users' access to what they need to do their jobs. But it can be hard for customers to follow through, he said, because that often means abandoning 30 years of IT habits and disrupting their business. Customers tend to configure too many accounts with sweeping global administrator privileges, he said, which the SolarWinds campaign abused. "It's not the only way they could have done it, for sure."

Loose access restrictions also allowed Chinese spies to steal the sensitive personal data of more than 21 million current, former and prospective federal employees from the Office of Personnel Management in 2014 and 2015.

Curtis Dukes was the National Security Agency's information assurance chief at the time.

OPM used Microsoft's authentication architecture to share data across multiple agencies and granted access to more users than it safely should have, said Dukes, who now heads the nonprofit Center for Internet Security.

“People took their eyes off the ball.”
