I've never understood how it's determined that it's a Russian hacking group that did this or any cyber attack. If it's so well understood what a Russian attack looks like, wouldn't it be trivial to make any attack look Russian? And if it's not so clear what a Russian-specific attack looks like, how can we be so confident all the time that it's undoubtedly Russian?
It is based on various attribution factors. But since it is typically easier to point at the currently hated scapegoat and be done with it, the quality of these attribution factors leaves much to be desired.
I think that's BS because if I Google that exact question it tells me how. You don't understand because you either don't want to understand or haven't taken any time at all to research the topic.
Yikes. I use Outlook for work. If it gets hacked I couldn’t care less, it’s on my employer between security policies and how they decided to use MS stuff. Personally, I would never trust MS with any of my own stuff.
I imagine the attribution factors were something along the lines of "we saw IPs associated with Russian ISPs and cloud providers" or "parts of their infra were accessible from Russia without using VPN".
> This week we are continuing notifications to customers who corresponded with Microsoft corporate email accounts that were exfiltrated by the Midnight Blizzard threat actor
[+] [-] gundmc|1 year ago|reply
[+] [-] adra|1 year ago|reply
Employee: Microsoft gives us a 50% "discount" vs the competition but they may get hacked easier.. incentive brain mode: if I save 50%, I may get a raise. If MS gets hacked, then "everyone suffers, so it's not like I'll get the blame for this decision"... Azure 100%!!!
I'm not terribly sure if it's really more MS lack of security posture vs. being a big target as they hold a lot of juicy government targets, etc.. so my comment isn't really to beat up on MS because who knows the key flaw that got them inside yet?
[+] [-] steve1977|1 year ago|reply
[+] [-] Joel_Mckay|1 year ago|reply
After a while you will stop caring too... it happens to everyone eventually. =3
[+] [-] 93po|1 year ago|reply
[+] [-] foverzar|1 year ago|reply
E.g. https://blog.sekoia.io/noname05716-ddosia-project-2024-updat...
"The decision not to mandate VPN usage in Russia, especially given their statement “it is extremely unlikely that there will be any problems”, suggests a possible collaboration between the NoName057(16) group and the Russian state."
I imagine you've also heard of attributions like "Cyrillic layout" (used all over Eurasia) or "IP pool associated with a Russian AS" (as if VPS renting isn't a thing or commodity routers in Russia aren't hackable and can't be forced into a botnet)
[+] [-] jononor|1 year ago|reply
Just blaming public enemy of the day. Knowing who actually did it is difficult and not really important either.
[+] [-] 2OEH8eoCRo0|1 year ago|reply
It's also not always Russia, there were two cyber attack headlines yesterday and neither appeared to be state actors.
[+] [-] fernandomm|1 year ago|reply
[+] [-] grugagag|1 year ago|reply
[+] [-] foverzar|1 year ago|reply
[+] [-] dralley|1 year ago|reply
First it was "a very small percentage of Microsoft corporate email accounts" (their C-suite executives and security teams) and "To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems."
Then it was "access to some of the company's source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised."
And now this.
[+] [-] brookst|1 year ago|reply
My interpretation is that they are notifying customers who corresponded with compromised Microsoft accounts, not that they are saying customer-use email systems were compromised. Do you read that differently?
[+] [-] chinathrow|1 year ago|reply