Microsoft investigates if Exchange attack is an inside job, feds tighten security

Microsoft is investigating whether a possible leak worsened the attacks on Exchange servers, as the Biden Administration outlined plans to bolster the government’s cybersecurity.

The tech giant is launching an investigation to examine whether “sensitive information” was leaked through private disclosures Microsoft made to some of its security partners, The Wall Street Journal reported Monday.

More specifically, the company is investigating whether proof-of-concept code privately sent by Microsoft to members of its Microsoft Active Protection Program (MAPP) was leaked, either intentionally or accidentally. There are about 80 organizations that participate in MAPP.

In early March, Microsoft issued emergency patches for four zero-day vulnerabilities on Exchange email servers that were being actively exploited.

Microsoft identified problems in January and shared the proof-of-concept attack code with at least some MAPP partners on February 23, before the patches were released. Research indicates that some of the tools used in Exchange attacks have “similarities” to private code.

The Exchange attacks targeted at least 30,000 organizations in the US, including many prominent companies. The initial wave of attacks was carried out by a Chinese hacking group called Hafnium, but the vulnerabilities are now being exploited by other criminal organizations as well.

On March 11, a security researcher briefly posted proof-of-concept code exploiting the vulnerabilities on Microsoft-owned GitHub. That code was quickly removed. Just a day after that, security researchers and federal agencies began warning that the vulnerabilities were being used to deliver ransomware onto compromised machines.

In the wake of the Microsoft Exchange campaign and the SolarWinds attack in late 2020, the government is taking action. On March 12, the White House released a transcript of a briefing between members of the press and a senior administration official outlining its plans to respond to cybersecurity incidents.

The senior official says the Biden Administration wants to prioritize security in the way American companies build and buy software. The centerpiece of its cybersecurity response will reportedly focus on closer collaboration with the private sector.

“Today, the cost of unsafe technology is paid in the end: for incident response and cleanup. And we truly believe that it will cost us much less if we build it from scratch,” the official said.

The official added that the government is currently in week three of a four-week remediation in response to the Exchange and SolarWinds attacks.

“All the agencies involved were tasked with conducting a particular set of activities and then tasked with having an independent review of their work to ensure that we were sure that the adversary had been eradicated,” the official said. “Most agencies have completed that independent review. For those that have not yet done so, they will complete it by the end of March.”
