The recent security breach at HPE mirrors the targeted attack on Microsoft by Midnight Blizzard. Although there is no conclusive evidence linking the two incidents, it is crucial to understand how to safeguard accounts from password spray attacks.
On January 19, Microsoft disclosed that the state-sponsored threat actor group Midnight Blizzard had gained unauthorized access to corporate emails and documents. The intrusion began in November 2023 and involved exploiting a legacy test tenant account. The attackers then used the account's permissions to infiltrate a limited number of Microsoft corporate email accounts, including those of senior leadership and individuals from cybersecurity and legal teams.
In a blog post, the Microsoft Security Response Center team clarified, "The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself." Importantly, Microsoft emphasized that the attack did not exploit any vulnerability in their products or services, and there is no evidence of access to customer environments, production systems, source code, or AI systems.
A later development on January 24 revealed that HPE also fell victim to the Midnight Blizzard gang, with data breaches starting in May 2023. Compromised email accounts at HPE belonged to individuals in cybersecurity, go-to-market, business segments, and other functions. The ongoing investigation by HPE has not conclusively determined if the attacks on HPE and Microsoft are connected.
Midnight Blizzard employed a password spray attack to access Microsoft email accounts. This method involves trying commonly used passwords against numerous accounts within an organization. To defend against such attacks, organizations are advised to implement multifactor authentication, monitor older or test accounts, and utilize up-to-date SIEM software.
Indicators of a password spray attack may include a sudden increase in the number of unsuccessful password attempts or evenly spaced times between attempts. Strengthening login detection, enforcing robust lockout policies, and promoting the use of password managers can mitigate the risk of password spray attacks.
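The two indicators above can be checked directly against sign-in logs. The following is an added example, not code from Microsoft, HPE or the original article: it flags a source whose failed logins span many distinct accounts and reports whether the gaps between attempts are evenly spaced. The log layout, the sample data and the thresholds (`min_accounts`, `max_cv`) are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample data; the "time source account result" layout is an assumption.
SAMPLE_LOG = """\
2024-01-10T09:00:00 198.51.100.20 test-legacy FAIL
2024-01-10T09:00:30 198.51.100.20 alice FAIL
2024-01-10T09:01:00 198.51.100.20 bob FAIL
2024-01-10T09:01:30 198.51.100.20 carol FAIL
2024-01-10T09:02:00 198.51.100.20 dave FAIL
2024-01-10T09:02:30 198.51.100.20 erin FAIL
2024-01-10T09:00:05 192.0.2.44 frank FAIL
2024-01-10T09:03:40 192.0.2.44 frank OK
"""

def parse_events(text):
    """Yield (timestamp, source, account, result), skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        try:
            ts = datetime.fromisoformat(parts[0]) if len(parts) == 4 else None
        except ValueError:
            ts = None
        if ts is not None:
            yield ts, parts[1], parts[2], parts[3]

def detect_spray(events, min_accounts=5, max_cv=0.25):
    """Flag sources whose failed logins hit at least min_accounts accounts."""
    failures = defaultdict(list)
    for ts, source, account, result in events:
        if result == "FAIL":
            failures[source].append((ts, account))
    findings = []
    for source, rows in failures.items():
        rows.sort()
        accounts = {account for _, account in rows}
        if len(accounts) < min_accounts:
            continue  # few accounts: more likely one user mistyping a password
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(rows, rows[1:])]
        # Low coefficient of variation in the gaps suggests a scripted cadence.
        even = bool(gaps) and mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_cv
        findings.append({"source": source, "failures": len(rows),
                         "accounts": len(accounts), "evenly_spaced": even})
    return findings

if __name__ == "__main__":
    print(detect_spray(parse_events(SAMPLE_LOG)))
```

Grouping by source address is the simplest case; attempts spread across many addresses need a different grouping key, such as the time window or the password-attempt pattern per account.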
Amid the evolving cybersecurity landscape, Gary Orenstein, Chief Customer Officer at Bitwarden, emphasized the importance of educating employees on robust passwords, two-factor authentication (2FA), and recognizing social engineering attacks. Building awareness through simulations or interactive modules can foster a resilient cybersecurity posture within organizations.
Facing the challenge of nation-state actors, Microsoft acknowledged the necessity of robust incident response plans and threat intelligence monitoring. The company highlighted the shift in the balance between security and business risk, indicating a need for expedited security measures, even if they disrupt existing business processes, to counteract the evolving threat landscape posed by state-sponsored attacks.