Microsoft admits Russian state hack still not contained. ‘This has tremendous national security implications’ - eviltoast

Interesting view on this situation.

  • JeeBaiChow@lemmy.world
    74 up, 2 down · 8 months ago

    Now we find out if linking all of the software into a single user id/ password on the Microsoft services was such a good idea.

    • sugar_in_your_tea@sh.itjust.works
      15 up, 1 down · 8 months ago

      Yeah, and I thought our test account for our app was bad, but it is disabled in production and has limited permissions in our customer-facing test environment. We still share credentials for it, but it’s only really useful if you’re already behind our VPN and only on test envs.

      This is a huge embarrassment for Microsoft.

      • JeeBaiChow@lemmy.world
        8 up · 8 months ago

        Wonder if this has anything to do with Windows telling me there was a problem with my Microsoft account, then making a mockery of the reset process.

    • IsThisAnAI@lemmy.world
      12 up, 7 down · 8 months ago

      As opposed to a ton of logins nobody can manage and monitor and are certainly held together with Post-it note passwords?

      I’ll take the SSO/SAML challenges every time.

  • agent_flounder@lemmy.world
    28 up, 2 down · 8 months ago

    I wonder what’s making it so hard. Probably scope of the breach.

    Sounds like MS has their heads up their asses if execs got compromised and baddies are running rampant all over their network. I guess I’m kinda spoiled where I work.

    I’d love to be a fly on the wall and see what’s going on. Or, actually, cyber$ec con$ultant >:)

    Maybe that’s what I should do as my final gig before retirement. Hmm. I just need to find someone with actual charisma that can schmooze and find customers (since I’d sooner jump off a bridge). Get a handful of top notch cyber incident response and reverse engineering folks, few more engineers. I know I am going off topic but I need to dream if I am to survive Monday after the time change ok?? Let’s see… I would do 32 hour work weeks. Idk how that would play out working an incident, I guess shitloads of comp time and some way to keep from overloading people. Good bennies. 6 weeks of vacation a year. Hell, make it employee owned. WFH when and where possible (can’t really do an incident response 100% remotely, usually). Whaddya say, who’s in? Let’s make enough money to retire early. Fuck work.

    • antrobus@kbin.social
      21 up · 8 months ago

      I used to be paid money to be “someone with actual charisma”. It’s not worth it. It’s a Catch 22 - the people you need to validate your charisma in order to buy things are exactly the kind of people you became charismatic to avoid.

      Turns out it’s smarter to learn a skill that makes you indispensable, because there are only so many charismatic ways to say “fuck you” before the boss decides you’re a bad influence.

      • sugar_in_your_tea@sh.itjust.works
        7 up · 8 months ago

        Yup, my last boss was annoyed with me because I kept asking for 2 days remote/week so I could focus. I had moved my desk across the building to avoid interruptions, and one day I left “early” (before the rest of the team, but I had already been working 10 hours and finished my work) when there was a deadline and someone was stuck in a bug. I remoted in, fixed the problem quickly, and then the next day he called me into his office and “fired” me, with an offer to switch to a full-remote contractor with a small pay increase.

        So yeah, I was indispensable, otherwise he would’ve just fired me. It was a win-win because I didn’t like him or his wife (main reason I wanted to work remote) but liked the product, and he wanted to force everyone to work in the office because he and his wife were control freaks. The funny part is they “replaced” me with a full remote contractor (I was the manager until “fired”).

        Now I’m in a better spot with my current company (I like my boss, I manage a good team, company is more stable). But the only reason I got that special offer was because I was indispensable, at least for 2-3 years.

    • grue@lemmy.world
      15 up · 8 months ago

      > I wonder what’s making it so hard. Probably scope of the breach.

      My guess would be Microsoft’s apparent unwillingness to nuke their Internet connection from orbit and suffer extensive downtime while they clean out the compromised accounts. I mean, I get that that would be catastrophically bad for their business, but isn’t being thoroughly pwn3d by the Russians also catastrophically bad already?

      • timbuck2themoon@sh.itjust.works
        2 up · 8 months ago

        They’re so ingrained I feel like it’s not. There are far better solutions than Microsoft (just like the same in the network world and Cisco) but most won’t even entertain the idea.

    • Kbin_space_program@kbin.social
      5 up · 8 months ago

      I suppose one of the issues might well be the nature of software development careers for the last 15 years, where it’s weird if you spend more than a few years at a place.

      One of the downsides is that you don’t get experts in systems and you lose a lot of that expert knowledge base that has traditionally existed when someone spends a decade at a company.

    • verity_kindle@sh.itjust.works
      4 up · 8 months ago

      Give the company a memorable name, please. Like “Leverage Indispensables” or “Main Engineering, Mayn!” Or “Detach The Saucer”.

  • Optional@lemmy.world
    27 up, 3 down · 8 months ago

    > Cybersecurity experts said Microsoft’s admission that the SVR hack had not been contained exposes the perils of the heavy reliance by government and business on the Redmond, Washington, company’s software monoculture — and the fact that so many of its customers are linked through its global cloud network.
    >
    > “This has tremendous national security implications,” said Tom Kellermann of the cybersecurity firm Contrast Security. “The Russians can now leverage supply chain attacks against Microsoft’s customers.”

    Hello I’m the enterprise security, uh, guy, and I’ll remove 85-90% of your attack vectors in one pass.

    eliminates microsoft from enterprise

    There you go. Money, please.

    • Crack0n7uesday@lemmy.world
      3 up, 1 down · 8 months ago

      Good luck running that past upper management in a large global corporation. “The CTO used to work at Microsoft and only knows Windoze so that’s what we do here”. Lol.

  • AutoTL;DR@lemmings.world
    22 up · 8 months ago

    This is the best summary I could come up with:


    Microsoft said Friday it’s still trying to evict the elite Russian government hackers who broke into the email accounts of senior company executives in November and who it said have been trying to breach customer networks with stolen access data.

    The hackers from Russia’s SVR foreign intelligence service used data obtained in the intrusion, which it disclosed in mid-January, to compromise some source-code repositories and internal systems, the software giant said in a blog and a regulatory filing.

    A company spokesman would not characterize what source code was accessed and what capability the hackers gained to further compromise customer and Microsoft systems.

    “The threat actor’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus,” Microsoft said Friday, adding that it could be using obtained data “to accumulate a picture of areas to attack and enhance its ability to do so.” Cybersecurity experts said Microsoft’s admission that the SVR hack had not been contained exposes the perils of the heavy reliance by government and business on the Redmond, Washington, company’s software monoculture — and the fact that so many of its customers are linked through its global cloud network.

    When it initially announced the hack, Microsoft said the SVR unit broke into its corporate email system and accessed accounts of some senior executives as well as employees on its cybersecurity and legal teams.

    Microsoft’s latest disclosure comes three months after a new U.S. Securities and Exchange Commission rule took effect that compels publicly traded companies to disclose breaches that could negatively impact their business.


    The original article contains 539 words, the summary contains 255 words. Saved 53%. I’m a bot and I’m open source!

  • verity_kindle@sh.itjust.works
    16 up · 8 months ago

    For once, the SEC does something right…that benefits me? It must be DST related hallucinations, is this real? Will it be forever?