Microsoft Says It Lost Weeks of Security Logs For Its Customers' Cloud Products (techcrunch.com)
Microsoft has notified customers that it's missing more than two weeks of security logs for some of its cloud products, leaving network defenders without critical data for detecting possible intrusions. From a report: According to a notification sent to affected customers, Microsoft said that "a bug in one of Microsoft's internal monitoring agents resulted in a malfunction in some of the agents when uploading log data to our internal logging platform" between September 2 and September 19.
The notification said that the logging outage was not caused by a security incident, and "only affected the collection of log events." Business Insider first reported the loss of log data earlier in October. Details of the notification have not been widely reported. As noted by security researcher Kevin Beaumont, the notifications that Microsoft sent to affected companies are likely accessible only to a handful of users with tenant admin rights. Logging helps to keep track of events within a product, such as information about users signing in and failed attempts, which can help network defenders identify suspected intrusions. Missing logs could make it more difficult to identify unauthorized access to the customers' networks during that two-week window.
Shrug (Score:5, Funny)
You're hosted in Microsoft's cloud. You don't need logs to know you were hacked. Just assume you were hacked again and move on to the clean up and post mortem steps.
We're going to have to fix this (Score:2)
Suggestions
- Reduce attack surface area - limit cloud usage to as few cloud technologies as possible
- Weigh a balance between everything is a microservice and monolithic APIs. A point in between may be easier to manage, easier to deploy and less likely to fault/fail or be attacked
- Reduce or limit the number of libraries used in a solution to the minimum within reason
- Reduce the number of different technologies in the solution's technology stack when possible
- Get business justification why the mix of cl
Re: (Score:2)
While that is probably meant to be funny, MS actually has cloud security that is much worse than the competition:
https://www.cisa.gov/sites/def... [cisa.gov]
Re: Shrug (Score:2)
But muh Windoze docker containers! Where will I run them if not on Azure?!
Seriously, though. If you were dumb enough to choose Microsoft as your cloud provider, you kinda deserve what is coming to you. Microsoft cannot even produce a secure desktop OS. Why would anyone think that their cloud platform would be any different?
Quantify how much less secure (Score:2)
There are cloud services from Amazon (AWS), Microsoft (Azure), Google, and others.
Has anyone quantified the level of security from these products?
A list of breaches, vendor faults helps but what's needed is actual quantification numbers.
The larger main issue is that development implementation projects for the cloud usually omit a dedicated expert in cloud security, software security and data security. Those full time job tasks fall onto the understaffed and overworked development team and fall outside of t
Damn..... (Score:2)
Microsoft practically invented cloud redundancy. They mulefaced the thing....
And it took 3 weeks to notice... (Score:3)
I can see you have a lot of automation to help out in the boring stuff like monitoring and validating incoming data. And some very motivated employees!
Guess I should be happy they were honest about it at all, and not just hiding it until someone else notices and publicly shames them.
Re:And it took 3 weeks to notice... (Score:5, Informative)
Re: (Score:2)
Indeed. Also nice to see that MS is still massively screwing up things that are their "highest priority". These cretins just cannot do good work.
Been there, Done that (Score:4, Interesting)
Re: (Score:2)
From a reference, this happened apparently over a period of 4 (!) weeks: https://cyberplace.social/@Gos... [cyberplace.social]
Guess MS did not see fixing things as a priority or did not have sensors in place at all and did not even notice. Some customer probably complained about the incomplete logs.
This may not have been caused by an attack, but it is a major security incident all by itself. On the level that makes people with a clue move away from the platform. Well, these are probably not on any MS cloud anyways.
Re: (Score:2)
Worse, they actually had a health incident open for late logs in Entra ID during this period, so they knew something was up.
Re: (Score:2)
You mean they actively looked away? Well, it is Microsoft. They fuck their customers any way they can these days.
Security... (Score:5, Funny)
Microsoft taking that security through obscurity literally..
Re:Security... (Score:5, Insightful)
More like reputation through obscurity. They just had that big breach last year with some bigwigs' Outlook 365 accounts getting compromised. It wouldn't be acceptable to announce another breach this year. So instead they announce the logs went missing.
Kind of like when police bodycam footage goes missing.
Re: (Score:2)
Possibly. Incidentally, _all_ of Exchange Online got compromised in 2023:
https://www.cisa.gov/sites/def... [cisa.gov]
Re: (Score:2)
Yep. Great demonstration of them making security their "highest priority". This thing is a really bad security incident and it is all their own doing.
"We're Trusted(TM)" (Score:4, Funny)
Re: (Score:2)
Trusted doesn't mean trustworthy.
Re: (Score:2)
They are correct. Too many people trust them, so they are trusted. The definition of "trusted" is "can attack you".
What Microsoft is not, never was and never will be is "trustworthy".
Not a security incident, huh? (Score:4, Interesting)
The notification said that the logging outage was not caused by a security incident [...]
Without logs, how would you know for sure that it wasn't a security incident?
Re: Not a security incident, huh? (Score:2)
Re: (Score:2)
And they needed two weeks to notice? Well, that nicely shows how "serious" Microsoft is taking security, after all.
Re: (Score:2)
That is just the usual lying that serves to obscure how massive this screw-up is, especially after they had Exchange Online fully compromised in 2023 and did not even notice.
And you know what? On most people these lies-by-misdirection work.
The fact of the matter is that this loss of these logs _is_ a massive security incident. It is just all their own fault, no attacker to blame.
No Poop September (Score:2)
Microsoft tries No Poop September, only makes it half way.
Nobody ever got fired (Score:2)
For choosing Microsoft.
Re: (Score:2)
High time for that to change.
Microsoft says they have no clue ... (Score:1)
... regarding how to run their business professionally, and they are making beginner's mistakes all over the place. This is really no surprise to anybody with a working mind. MS has screwed up time and again and often in the most incompetent way possible. For a recent example, see here:
https://www.cisa.gov/sites/def... [cisa.gov]
Unfortunately, working minds are in short supply, so their crap still sells well.
Indistinguishable from Malice (Score:2)
With the logs missing there's no saying what happened, obviously.
What should be equally obvious is that there's no reason to believe Microsoft lost them, which implies events outside their control.
Re: (Score:2)
Obviously. The malice is that MS is, and never was, taking money for really crappy services and products. It is amply clear that MS "lost" these logs because they did not care to make them reliable and secure enough. But here is the thing: Tons of organizations and individuals buy MS crap and their profits are stellar. Why should they even try to make good products or offer good services in that situation? Anybody depending on Microsoft these days is deep into self-harm, no exceptions.
Re: (Score:2)
That should have been "never was above"...
Wonder who (Score:2)