It’s an open secret that Microsoft has a $15 billion cybersecurity business outpacing all other products and services the company offers. Office 365, Azure, and Xbox are still big cash cows for the Redmond giant, but it’s hard to ignore the fact that almost a third of the overall revenue comes from identifying emerging security threats, dismantling botnets, and helping various organizations secure their hybrid work infrastructure. However, a cybersecurity firm called SpiderSilk (via Vice Motherboard) believes Microsoft also needs to improve its own security posture. Apparently, several Microsoft employees didn’t follow good security practices and managed to expose sensitive login credentials on GitHub. Microsoft, which owns GitHub, confirmed the findings. It turns out the exposed credentials were for Azure, which is Microsoft’s cloud service. All of them were linked to an official Microsoft tenant ID and some were still active when SpiderSilk discovered them. A Microsoft spokesperson explained there’s no evidence of unauthorized access and the company is already taking steps to prevent further accidental sharing of credentials.
Average weekly attacks per organization by industry, H1 2022 | Data: Check Point Research This means the Redmond giant does move quickly when it comes to reducing the attack surface of its corporate infrastructure, but it also highlights the importance of security hygiene at a time when the number of cyberattacks, ransomware campaigns, and data breaches is surging. According to Check Point Software, the frequency of these attacks has increased by 42 percent globally in the first half of 2022 compared to the same period of last year. For obvious reasons, the company was reluctant to say what internal systems could be accessed through the exposed credentials. At least in theory, once an attacker gains access to one point of interest, they may be able to move horizontally or vertically through the corporate infrastructure. For instance, machine-to-machine credentials that enable seamless integration between services can sometimes give almost unfettered access to an organization’s systems.
Mossab Hussein, SpiderSilk’s chief security officer, notes that “we continue to see that accidental source code and credential leakages are part of the attack surface of a company, and it’s becoming more and more difficult to identify in a timely and accurate manner. This is a very challenging issue for most companies these days.” Over the past few years, SpiderSilk researchers have reported on several security incidents, including a massive Samsung data leak, exposed passwords of Elsevier users, personal information of WeWork customers being uploaded by developers, and a leaked list of Electronic Arts Slack channels. In related news, Microsoft recently disrupted a multiyear cyber-espionage campaign of a Russian state-sponsored group known as “Seaborgium.” The threat actor had been doing a mix of social engineering, credential theft, and sophisticated impersonation of business contacts to target key individuals in NATO countries. The company has also started rolling out a tamper protection feature for Microsoft Defender for Endpoint on macOS, which is a boon for sysadmins dealing with Apple machines. Masthead credit: Turag Photography
