By Trysten Schlottmann, NERC Operations Analyst
It comes as no surprise these days that there seems to be breaking news in the realm of cybersecurity nearly every day, from great leaps in technologies that protect end users to verifiable attacks on the gigantic entities that bring about such technologies. This brings us to the Midnight Blizzard attack on Microsoft and its software environment. Back in January, it seemed the attack had impacted only a small portion of the business, such as some corporate email accounts. But, as revealed in March, the attack penetrated deeper than expected.
Nobelium, a Russian state-sponsored hacking organization, was able to penetrate core software systems internal to Microsoft due to the compromise inflicted back in January. This update was supplied by E-ISAC as part of a follow-up to the initial compromise reported by Microsoft, and comes with Microsoft's assurance that it had not noticed any material impact to the customer side of its applications.
As the world gets more interconnected and cloud hosting becomes more prevalent, these companies will become larger targets for disruption and attacks, increasingly so as more critical infrastructure becomes reliant on their infrastructure. It’s important to be aware of these attacks as more infrastructure is consolidated into centralized locations with the space, because the cost of convenience could lead to greater damages should the next attack succeed in impacting the customer side of their software suite. As always, frequent audits of user accounts or maintaining local infrastructure can help mitigate the risk of being hit in a targeted attack by state-sponsored groups.