Microsoft recently confirmed that an account belonging to one of their employees was compromised by the Lapsus$ hacking group, which allowed them to abscond with portions of the company's source code.
Yes, you read that correctly. Microsoft got hacked. They now join the latest in a seemingly unending parade of large tech companies to have been hacked by well-organized hackers.
In this case, the attackers made off with a head-spinning 37 GB of data. Most of it was in the form of source code for a wide range of internal Microsoft projects including those for Bing, Cortana, and Bing Maps.
The company had this to say about the incident:
"No customer code or data was involved in the observed activities. Our investigation has found a single account had been compromised, granting limited access. Our cybersecurity response teams quickly engaged to remediate the compromised account and prevent further activity.
Microsoft does not rely on the secrecy of code as a security measure and viewing source code does not lead to elevation of risk. The tactics DEV-0537 used in this intrusion reflect the tactics and techniques discussed in this blog.
Our team was already investigating the compromised account based on threat intelligence when the actor publicly disclosed their intrusion. This public disclosure escalated our action allowing our team to intervene and interrupt the actor mid-operation, limiting broader impact."
An investigation into the matter is ongoing but already the company has assessed its own processes and is making changes to further bolster their security.
They recommend doing the following:
- Strengthen MFA implementation
- Require Healthy and Trusted Endpoints
- Leverage modern authentication options for VPNs
- Strengthen and monitor your cloud security posture
- Improve awareness of social engineering attacks
- Establish operational security processes in response to DEV-0537 (Lapsus$) intrusions
No one is safe, but kudos to Microsoft for their transparency here and for publishing specific steps that others can take to help minimize their risks.
________________________________________________________________________________________________________
"Fortune Favors Who Value Time over Money!"
"TeQ I.Q. was the 1st IT Company to Deliver Cloud Solutions since 2003"
Tech issues taking up your Time?
"TeQ I.Q. Makes Your Technology Simple and Easy"
Do you have Tech Frustrations like your Computer, Internet, Phone, Cellphone, Camera, TV, Car?
"We Take Away Your Tech Frustrations and Give You the Free Time You Deserve!"
Call Robert to ask all your Technology questions.
We are giving a Free in Person TeQ Seminar at our office in La Mesa every Wednesday from 12pm-1pm and a Free TeQ Support Q&A from 1pm-2pm. Go to https://www.teqiq.com/events for our upcoming Events and https://www.teqiq.com/seminars for info on each Seminar.
For Free Consultation Call Now Robert Black at (619) 255-4180 or visit our website https://www.teqiq.com/
Chase Bank and Others Trust TeQ I.Q. with their IT and TeQnology so can you!
