Arabic Arabic Chinese (Simplified) Chinese (Simplified) Dutch Dutch English English French French German German Italian Italian Portuguese Portuguese Russian Russian Spanish Spanish
| (844) 627-8267

Hackers Tapped Into Aging Test Account | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | #hacking | #aihp

Leading tech giant, Microsoft Corporation, is facing security troubles as hackers managed to breach their network, as per a report on Arstechnica. They monitored top executives’ emails for about two months before being fully detected and neutralized.

Key Takeaways:
– Hackers infiltrated Microsoft’s network using a vulnerable, poorly protected non-production test tenant account.
– The hackers tracked by Microsoft as ‘Midnight Blizzard’ used password spraying techniques to breach the network.
– They escalated their access privileges to snoop on senior executives and employees of the legal and security teams.
– The hackers exploited the OAuth authorization protocol to abuse existing network accessibility.
– The breach laid bare significant flaws in Microsoft’s internal security apparatus.

Breaching the Fortress

The breach by hackers into Microsoft’s network is a harsh reality check for the tech giant. Revealed through an opaque and subtly worded post last Thursday, the information showed a fundamental flaw in the company’s security strategy. The hackers gained access through an aging account of the system with administrative privileges — a grave oversight on Microsoft’s part.

The Hackers’ Modus Operandi

The hacking group known to Microsoft as Midnight Blizzard used an old-fashioned yet effective hack — password spraying. Simply put, it involves the hacker trying out common and weak passwords until one of them works to breach an account. In this case, they target a ‘legacy non-production test tenant account’ that was not safeguarded by multifactor authentication, essentially leaving an open door for the hackers.

A Deeper Dive into the Breach

Once they had access to the legacy account, the hackers gained escalated access to the accounts of senior executives and employees working in security and legal teams, thus enhancing the severity of their intrusion. The question now is, how did they manage to gain such in-depth access?

Hidden Mechanisms of Hacking

The answer lies with the lax security around the aging test account which allowed the hackers to exploit the company’s widely-used OAuth authorization protocol. This protocol ordinarily permits apps to access resources on a network. The hackers manipulated this protocol to create a harmful app, which they then granted rights to access every email address on Microsoft’s Office 365 email service.

Recognizing the Deadly Breach

The recent breach at Microsoft is an eye-opener on the vulnerability of even the largest and most technically sophisticated organizations. It’s a stark reminder that consistent review and uptick of security measures are essential for maintaining the integrity of any organization’s cyber infrastructure. Companies must be continuously diligent in enforcing strict data security protocols and updating their security frameworks, capable of fending off potential cyber threats.

Future Measures

The unfortunate breach served to expose a significant lapse in Microsoft’s internal security, leading the corporation to promptly undertake an ongoing in-depth investigation into the matter. They have vowed to tighten their security measures with an end goal of preventing another incident of this magnitude from occurring in the future. No organization, regardless of size, is safe from the global and ever-evolving threat of cybercrimes.

In a world where cybersecurity threats loom large, companies have to balance both advanced technology and sound security practices to safeguard their systems and users. While it’s challenging, it’s certainly not an option; it’s an imperative.

In conclusion, as the world migrates more towards a digital reality, cybersecurity remains a paramount concern that needs to be continuously addressed. It forms the base for a safe, secure, and trustable digital ecosystem that can enjoy and benefit from the immense potential the digital realm provides.

(function(d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); = id;
js.src = “//”;
fjs.parentNode.insertBefore(js, fjs);
}(document, ‘script’, ‘facebook-jssdk’));


Click Here For The Original Story From This Source.

Click Here For The Original Source.