This article was contributed by Cynthia Madison who works as an author at SmallBizClub.
Even the most reputable and established companies can experience a data breach, and it seems Microsoft is no exception. The technology giant experienced four considerable attacks in 2021 alone and was a target of much more over the years. That may lead people to assume that there are weak security implementations in place, but the truth is that the matter is much more complex and sometimes not even related to how lucrative or useless the security measures are.
Microsoft may, indeed, have its vulnerabilities, as it fell victim to data breaches multiple times. The most recent one happened on March 20, 2022, when several significant Microsoft projects were compromised.
Let's dig deeper into the subject and see what happened.
March 22, 2022, was a dark day for Microsoft, as a hacker group nicknamed Lapsus$ had breached its defenses. The computer software vendor is, thus, added to the cyber gang's rolling list of victims. In a blog post, Microsoft also made it public that it was compromised by the so-called Lapsus$ Group and claimed that no customer data had been affected. Instead, the malicious group gained access to Microsoft's systems.
According to the company's description, only a single account was compromised, and the security experts managed to stop the attack before the hacker gang could penetrate deeper into their systems.
Microsoft's specialists have been studying the Lapsus$ Group for years and are well aware of these hackers' existence. In the same blog post, the company described the group as an extensive extortion and social engineering campaign that aims to destroy several international organizations. Microsoft's security team asserted that Lapsus$ makes use of social engineering to hack an account and acquire access to a system, a very advanced tactic that enables them to compromise systems without being caught.
They also act on social media, found under the name DEV-0537, trying to lure employees with compensation in exchange for critical details about their companies, such as credentials. But Lapsus$ Group is far sneakier than that. As reported by Microsoft, the malicious group also has workers respond to a Multi-factor Authentication (MFA) prompt and ask them to install remote control software on an online workstation.
On March 20, just two days before the attack, Lapsus$ claimed credit for gaining access to Azure, posting a screenshot in an Azure DevOps environment on Telegram. It seems that this group is really enjoying what they do, and, contrary to what most organizations think, Lapsus$ members state that they're only doing this for money, and there's no politics in it.
Misconfigured Power Apps portals
August 2021 is a time to remember for the technology giant, as it experienced two major data breaches. One of these is related to Microsoft Power Apps portals. The company received a notification from a cybersecurity firm called UpGuard as regards a potential vulnerability in its Power Apps portals.
The portals are used to develop web pages for data sharing with various employees, partners, and closely-connected groups. So, it's normal for considerable amounts of critical data to be in there. They use Application Programming Interfaces (APIs) to enter tables in databases, so the security level of these portals should be high.
Nevertheless, malicious actors managed to compromise Microsoft's PowerApps portals and 47 associated organizations, counting Ford Motor Co., American Airlines, and the New York Metropolitan Transportation Authority. The nature of exposed information varied. In some instances, hackers were interested in COVID-19 tracing, testing, and vaccination data; in others, employee file information was the main point of interest.
A later update revealed that the attack hadn't anything to do with Microsoft but occurred on the part of third-party organizations. The company published a comprehensive Power Apps documentation in which it described the way in which specific data could be made available. Still, there weren't any other protections in place, like a warning alert inside the software notifying that a system malfunction would expose the data.
Such attacks should be a red flag for companies that store sensitive data on the Internet through a cloud computing provider. Although some breaches can't be predicted or avoided, others can be successfully prevented if you take cybersecurity practices seriously. Some of the most useful measures to protect your most valuable corporate data include:
- use anti-virus and anti-malware
- keep hardware and software up-to-date
- use a VPN to protect your network security
- have robust passwords in place
- consider a secure file-sharing option to encrypt data
If any of these methods don't work and you still fall victim to a data leak, https://www.databreachclaims.org.uk recommends taking the necessary legal steps and seeking compensation for your losses, whether financial or psychological.
Azure August 2021 breach
The impact on Microsoft's computing platform, Azure, is the second attack the software provider experienced in August 2022. Hackers gained access to accounts and client databases housed on Azure, counting data and records regarding several Fortune 500 companies.
The problem came from Azure's database service, Cosmos DB, which is believed to have had some vulnerabilities. Through these weaknesses, hackers could compromise Microsoft's Jupyter Notebook feature of Cosmos DB and gain full access to critical customer information and thousands of accounts.
It's not yet clear whether Microsoft was truly at fault for this data leak, as there's a gap of information regarding third parties possibly involved, but one thing is for sure – the vulnerabilities in Cosmos DB generated a functional loophole, allowing anyone to access confidential data.
Microsoft exchange server hack
In January 2021, one of Microsoft's broadest security incidents occurred. It was possible because of four zero-day vulnerabilities that permitted unauthorized parties – apparently China-backed hackers – to hijack servers, deploy malware, and access data and backdoors to access other systems.
Hackers benefitted from this system weakness long-term, as a sheer volume of hacks continued to appear in the following period. The Biden Administration considered these system flows a danger to national security because malicious parties seemed to target everything from small non-profit organizations and companies to local institutions and governments.
This is, without any doubt, a precarious situation; that's why it's paramount to be educated about cybersecurity.
About the author
Cynthia Madison is an author at SmallBizClub with a solid technical, business, and financial foundation. She's responsible for providing share-worthy articles that deliver value straight to the point. Cynthia enjoys watching thought-provoking TED talks on technology advancements in her spare time. She lives a “never stop learning” life.