The recent security breach at HPE mirrors the targeted attack on Microsoft by Midnight Blizzard. Although there is no conclusive evidence linking the two incidents, it is crucial to understand how to safeguard accounts from password spray attacks.
On January 19, Microsoft disclosed that the state-sponsored threat actor group Midnight Blizzard had gained unauthorized access to corporate emails and documents. The intrusion, which began in November 2023, involved exploiting a legacy test tenant account. The attackers then used the account's permissions to access a limited number of Microsoft corporate email accounts, including those of senior leadership and individuals from cybersecurity and legal teams.
In a blog post, the Microsoft Security Response Center team clarified, "The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself." Importantly, Microsoft emphasized that the attack did not exploit any vulnerability in their products or services, and there is no evidence of access to customer environments, production systems, source code, or AI systems.
A later development on January 24 revealed that HPE also fell victim to the Midnight Blizzard gang, with data breaches starting in May 2023. Compromised email accounts at HPE belonged to individuals in cybersecurity, go-to-market, business segments, and other functions. The ongoing investigation by HPE has not conclusively determined if the attacks on HPE and Microsoft are connected.
Midnight Blizzard employed a password spray attack to access Microsoft email accounts. This method involves trying commonly used passwords against numerous accounts within an organization. To defend against such attacks, organizations are advised to implement multifactor authentication, monitor older or test accounts, and utilize up-to-date SIEM software.
Indicators of a password spray attack may include a sudden increase in the number of unsuccessful password attempts or evenly spaced times between attempts. Strengthening login detection, enforcing robust lockout policies, and promoting the use of password managers can mitigate the risk of password spray attacks.
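The indicators above can be checked directly against authentication logs. The following is an added example, not code from Microsoft, HPE or the original article: it flags sources whose failed logins cover many accounts with few guesses each, or arrive at evenly spaced intervals. The log format, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

def parse(line):
    """Parse 'ISO-timestamp source user RESULT' (assumed log format)."""
    ts, src, user, result = line.split()
    return datetime.fromisoformat(ts), src, user, result

def detect_spray(lines, min_accounts=10, max_per_account=2, max_gap_cv=0.2):
    """Return {source: [reasons]} for sources whose failures look like a spray."""
    fails = defaultdict(list)
    for line in lines:
        ts, src, user, result = parse(line)
        if result == "FAIL":
            fails[src].append((ts, user))
    findings = {}
    for src, events in fails.items():
        events.sort()
        per_user = defaultdict(int)
        for _, user in events:
            per_user[user] += 1
        reasons = []
        # Many accounts, few guesses each: the pattern that stays under
        # a per-account lockout threshold.
        if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
            reasons.append("many_accounts_few_attempts")
        # Evenly spaced attempts: low coefficient of variation of the gaps.
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        if len(gaps) >= 5 and mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_gap_cv:
            reasons.append("evenly_spaced")
        if reasons:
            findings[src] = reasons
    return findings

def constructed_log():
    """Constructed sample: one scripted source and one user mistyping a password."""
    t0 = datetime(2024, 1, 10, 9, 0, 0)
    lines = [f"{(t0 + timedelta(seconds=30 * i)).isoformat()} 198.51.100.7 user{i:02d} FAIL"
             for i in range(12)]
    for offset in (5, 19, 140):
        lines.append(f"{(t0 + timedelta(seconds=offset)).isoformat()} 203.0.113.20 dana FAIL")
    lines.append(f"{(t0 + timedelta(seconds=200)).isoformat()} 203.0.113.20 dana OK")
    return lines

if __name__ == "__main__":
    for src, reasons in detect_spray(constructed_log()).items():
        print(src, reasons)
```

Grouping by source address is a simplification; when failures are spread across many addresses, the same two checks can be run over all failed logins for the tenant instead of per source.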
Amid the evolving cybersecurity landscape, Gary Orenstein, Chief Customer Officer at Bitwarden, emphasized the importance of educating employees on robust passwords, two-factor authentication (2FA), and recognizing social engineering attacks. Building awareness through simulations or interactive modules can foster a resilient cybersecurity posture within organizations.
Facing the challenge of nation-state actors, Microsoft acknowledged the necessity of robust incident response plans and threat intelligence monitoring. The company highlighted the shift in the balance between security and business risk, indicating a need for expedited security measures, even if they disrupt existing business processes, to counteract the evolving threat landscape posed by state-sponsored attacks.