Microsoft Says New Breach Discovered In Probe of Suspected SolarWinds Hackers (reuters.com)
An anonymous reader quotes a report from Reuters: Microsoft said on Friday an attacker had won access to one of its customer-service agents and then used information from that to launch hacking attempts against customers. The company said it had found the compromise during its response to hacks by a team it identifies as responsible for earlier major breaches at SolarWinds and Microsoft. Microsoft said it had warned the affected customers. "A sophisticated Nation-State associated actor that Microsoft identifies as NOBELLIUM accessed Microsoft customer support tools to review information regarding your Microsoft Services subscriptions," the warning reads in part. The U.S. government has publicly attributed the earlier attacks to the Russian government, which denies involvement.
After commenting on a broader phishing campaign that it said had compromised a small number of entities, Microsoft said it had also found the breach of its own agent, who it said had limited powers. The agent could see billing contact information and what services the customers pay for, among other things. "The actor used this information in some cases to launch highly-targeted attacks as part of their broader campaign," Microsoft said. Microsoft warned affected customers to be careful about communications to their billing contacts and consider changing those usernames and email addresses, as well as barring old usernames from logging in. Microsoft said it was aware of three entities that had been compromised in the phishing campaign. It did not immediately clarify whether any had been among those whose data was viewed through the support agent, or if the agent had been tricked by the broader campaign. Microsoft did not say whether the agent was at a contractor or a direct employee.
SolarWinds (Score:4, Informative)
SolarWinds outsourced their development to eastern Europe, and underpaid their developers. This is a company that is never going to be secure. If you are still using them, it's time to move on.
Re: (Score:2)
The open-source one will be much better. ;-)
Re: (Score:2)
Yes it is [zabbix.com].
Re: (Score:3)
It doesn't matter where they outsourced/off-shored to. What matters is they didn't pay for the talent. There are talented people all over the world, and they know this so they will ask a price for their educational investment.
You can have an onshore office, but refuse to pay for the talent, developers will walk, and their replacements will not be skilled, otherwise they'll be working for better compensation from your competition.
Re: (Score:2)
On the contrary! Solar Winds is going to have to beef up security in a big way, in order to win customers back. The spotlight has been intense. This was a wake-up call that will result in major improvements, or death for the company. I'd sooner use them now than two years ago.
Re: (Score:2)
On the contrary! Solar Winds is going to have to beef up security in a big way, in order to win customers back.
They are not capable of that.
This was a wake-up call that will result in major improvements, or death for the company.
Based on people I've talked to, they are willing to use SolarWinds, even without improvements. Much like the Experian hack, the company will survive unfortunately.
Re: (Score:1)
On the contrary! Solar Winds is going to have to beef up security in a big way, in order to win customers back.
They are not capable of that.
And yet, you provide no alternative that can.
This was a wake-up call that will result in major improvements, or death for the company.
Based on people I've talked to, they are willing to use SolarWinds, even without improvements. Much like the Experian hack, the company will survive unfortunately.
Based on the size of the company and market they command, I'd say the parent is more correct than you are. The spotlight is on them, as opposed to every other vendor still drunk and high on the concept of It'll-never-happen-to-us.
Re: (Score:2)
And yet, you provide no alternative that can.
An alternative that is more secure than Solar Winds? Are you kidding me?
Re: (Score:2)
And yet, you provide no alternative that can.
An alternative that is more secure than Solar Winds? Are you kidding me?
Seems a few thousand companies felt they were plenty secure prior to a hack.
Ignorant companies who still haven't audited their code and assume they're more secure will learn. Getting knocked down isn't what matters, because that eventually happens to everyone. Getting back up is what matters, and I'm simply saying they have plenty of resources to get back up.
And you still haven't provided an alternative.
Re: (Score:2)
And you still haven't provided an alternative.
I literally did in a different post. But I have confidence in your search engine skills, also. You can find one. That is something you can do.
Getting back up is what matters, and I'm simply saying they have plenty of resources to get back up.
They don't know how. Security isn't something you can bolt on as an afterthought. That is not a skill they have.
Re: (Score:2)
SolarWinds outsourced their development to eastern Europe, and underpaid their developers. This is a company that is never going to be secure. If you are still using them, it's time to move on.
Sounds like what you are saying is that it's time for the government to mandate software development security standards for all the software it uses.
Re: (Score:2)
I think there is definitely space where we can say "these things should not be done, and if you do them, you are liable." For example, no one should ever write an SQL injection exploit. That's just negligence.
Re: (Score:1)
Poppycock! How will we be able to protect ourselves from serious threats if we aren't allowed to demonstrate what they are?
I don't believe you (Score:2)
It seems unlikely that Microsoft claimed the hackers won.
Slashdot, you've been trolled by a pseudo-journalist who self-identifies as a "fanboy," and writes books about raves.
Microsoft and Solar Winds again (Score:2)
See? That's a real leak (Score:2)
Microsoft and its customers suffered damage, Microsoft and law enforcement are taking it very seriously.
This [slashdot.org] however isn't a real leak.
"Sophisticated Nation State Actor"? (Score:2, Informative)
Hardly needed. This is MS we are talking about here. You know the company that has messed up IT security time and again and seems to be unable to learn.
Re: (Score:1)
Who shall hack us today? (Score:2)