Security leaders discuss Microsoft’s stolen source code
Microsoft’s security team detected a cyberattack in January 2024. The attack was spotted within corporate email systems, triggering an immediate response process, and its source was identified as the Russian state-sponsored threat actor Midnight Blizzard. Evidence suggests that Midnight Blizzard is using data gathered from the corporate email system to try to gain unauthorized access to the organization’s internal systems, source code repositories and more.
Security leaders weigh in
Tim Callan, Chief Experience Officer at Sectigo:
“It’s worth noting that this exploit originates with the same basic credentials compromises that we see in nearly all attacks of this nature. Once the attacker has inappropriate access, a whole host of additional malicious activity becomes possible. Stronger authentication methods, including PKI-based authentication, are our single most powerful defense against these breaches.”
John Bambenek, President at Bambenek Consulting:
“Whenever something like source code is stolen, incident responders have to start thinking about how that information can be used to attack the organization and customers. Ironically enough, secrets being part of the data being stolen makes this work a little easier. Attackers naturally gravitate towards credentials so defenders can put more strict monitoring on the underlying accounts to look for misuse (after rotating the keys or passwords, of course). That seems to be what’s driving the additional insights Microsoft provided this morning. However, unlike traditional expulsion events in IR where you simply close all the doors opened by an attacker, source code and secret theft requires ongoing monitoring, remediation, and response months after the breach was mitigated.”
Omri Weinberg, Co-founder and CRO at DoControl:
“Unfortunately, these things will never end and history always repeats itself. Companies, and mostly management teams or boards, need to understand that they must invest more money in their security posture. It’s a never-ending chess game in which you always need to be one step ahead of the attacker.”
https://www.securitymagazine.com/articles/100498-security-leaders-discuss-microsofts-stolen-source-code