In early July, the news broke that threat actors in China used a Microsoft security flaw to execute highly targeted and sophisticated espionage against dozens of entities. Victims included the U.S. Commerce Secretary, several U.S. State Department officials and other organizations not yet publicly named. Officials and researchers alike are concerned that Microsoft products were again used to pull off an intelligence coup, such as during the SolarWinds incident.
In the wake of the breach, the Department of Homeland Security released a report stating that the Cyber Safety Review Board (CSRB) will conduct its next review on the malicious targeting of cloud computing environments. What lessons can be learned from this latest cyber incident? And how might companies protect themselves?
In the wake of the Microsoft breach
Immediately upon learning of the incident in July, the Department considered whether the Microsoft breach would be an appropriate subject of the Board’s next review. The CSRB plans to examine how the government, industry and cloud service providers (CSPs) should seek to strengthen identity management and authentication in the cloud.
The CSRB plans to specifically investigate the recent Microsoft Exchange Online intrusion. Furthermore, the Board will develop actionable recommendations to advance cybersecurity practices for both cloud computing customers and CSPs themselves.
After targeting top U.S. officials’ emails, the espionage operation triggered sharp criticism of M ..
Support the originator by clicking the read the rest link below.
