Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label CSRB. Show all posts

Unveiling the Threat: Microsoft's Executive Speaks Out on State-Backed Hacking

 


The executive vice president of security at Microsoft, Charlie Bell, recently proposed that the company is the neighbourhood of foreign state-sponsored hackers in an interview with Bloomberg. It has certainly been true over the years that they are particularly good at collecting data over time, gathering momentum over time, and being able to leverage that momentum into more successes over time,' Bell speaks at length about their abilities. 

Microsoft announced the Secure Future Initiative last November, following a series of cybersecurity breaches, associated with foreign governments, which resulted in Microsoft launching the initiative to protect its users' data. A notable example of these breaches was the intrusion of Chinese hackers who gained access to customer email addresses in May by breaking into systems through a malware program. 

Approximately 30 million customer's data were compromised as a result of hacking by a Russian-allied group known as Anonymous Sudan in the summer of 2023. Even though Microsoft has implemented several security initiatives over the past few years, there are still breaches that occur. 

There have been several incidents involving hackers that have hacked into the email accounts of Microsoft employees, including those of executives, and exposed vulnerabilities even further. The hackers have been named Midnight Blizzard, a group supported by Russia. 

It was subsequently determined that Microsoft's security systems were compromised due to a series of failures found within the software as a result of the breach, according to a report from the US Cyber Safety Review Board (CSRB). 

There is no doubt that Microsoft's security culture is insufficient to safeguard its customers' information and business operations, according to the CSRB report, which calls for a significant overhaul of the corporate culture, given the company's pivotal role in the technology ecosystem and the massive trust that customers place in it. 

The company has taken steps to strengthen its security framework as well as removing over 700,000 obsolete applications from its database, as well as 1.7 million outdated accounts. The company has stepped up efforts to implement multi-factor authentication across more than one million accounts as well as enhance its security protections to prevent the theft of employee identities by hackers by increasing its efforts to achieve multi-factor authentication in more than one million accounts. 

As a result, critics of Microsoft's security infrastructure argue that these actions are not sufficient to correct Microsoft's fundamental security flaws and do not go far enough in addressing them. It has been more than a month since Microsoft has responded to criticisms. A report released by Microsoft recently shows that Chinese state-sponsored hackers are using artificial intelligence (AI) to spread misinformation in advance of the upcoming presidential election, adding another layer of concern to the cybersecurity landscape. 

It will make it imperative to keep developing robust defensive strategies to counter the ever-evolving tactics of cyber adversaries and protect democratic processes as well as national security in times when they are vulnerable to cyber-attacks.