The recent security breach at HPE mirrors the targeted attack on Microsoft by Midnight Blizzard. Although there is no conclusive evidence linking the two incidents, it is crucial to understand how to safeguard accounts from password spray attacks.
On January 19, Microsoft disclosed that the state-sponsored threat actor group Midnight Blizzard had gained unauthorized access to corporate emails and documents. The intrusion, which began in November 2023, involved the compromise of a legacy test tenant account. The attackers then used the account's permissions to access a limited number of Microsoft corporate email accounts, including those of senior leadership and individuals from cybersecurity and legal teams.
In a blog post, the Microsoft Security Response Center team clarified, "The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself." Importantly, Microsoft emphasized that the attack did not exploit any vulnerability in their products or services, and there is no evidence of access to customer environments, production systems, source code, or AI systems.
On January 24, it emerged that HPE had also fallen victim to Midnight Blizzard, with data breaches starting in May 2023. Compromised email accounts at HPE belonged to individuals in cybersecurity, go-to-market, business segments, and other functions. HPE's ongoing investigation has not conclusively determined whether the attacks on HPE and Microsoft are connected.
Midnight Blizzard employed a password spray attack to access Microsoft email accounts. This method involves trying commonly used passwords against numerous accounts within an organization. To defend against such attacks, organizations are advised to implement multifactor authentication, monitor older or test accounts, and utilize up-to-date SIEM software.
Indicators of a password spray attack may include a sudden increase in the number of unsuccessful password attempts or evenly spaced times between attempts. Strengthening login detection, enforcing robust lockout policies, and promoting the use of password managers can mitigate the risk of password spray attacks.
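The two indicators above can be checked directly against authentication logs. The following is an added example, not code from Microsoft, HPE, or any vendor named in this article; the log format, the grouping by source address, and the thresholds (`min_accounts`, `max_gap_cv`) are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed sample events (not real logs): "timestamp source account result".
T0 = datetime(2024, 1, 10, 9, 0, 0)
SAMPLE_LOG = [
    # One source tries a different account every 30 seconds: spray-like.
    *(f"{(T0 + timedelta(seconds=30 * i)).isoformat()} 203.0.113.7 user{i:02d} FAIL"
      for i in range(10)),
    # One user mistypes their own password at irregular times: benign.
    "2024-01-10T09:01:12 198.51.100.4 alice FAIL",
    "2024-01-10T09:01:19 198.51.100.4 alice FAIL",
    "2024-01-10T09:03:40 198.51.100.4 alice FAIL",
    "2024-01-10T09:03:55 198.51.100.4 alice OK",
]

def detect_spray(lines, min_accounts=5, max_gap_cv=0.1):
    """Return {source: [reasons]} for sources whose failures look like a spray."""
    failures = defaultdict(list)  # source -> [(time, account)]
    for line in lines:
        ts, source, account, result = line.split()
        if result == "FAIL":
            failures[source].append((datetime.fromisoformat(ts), account))

    findings = {}
    for source, events in failures.items():
        events.sort()
        reasons = []
        accounts = {acct for _, acct in events}
        # Indicator 1: failed logins spread across many distinct accounts.
        if len(accounts) >= min_accounts:
            reasons.append(f"{len(events)} failures across {len(accounts)} accounts")
        # Indicator 2: evenly spaced attempts (low variation between gaps).
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
        if len(gaps) >= 3 and mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_gap_cv:
            reasons.append(f"evenly spaced, about {mean(gaps):.0f}s apart")
        if reasons:
            findings[source] = reasons
    return findings

if __name__ == "__main__":
    for source, reasons in detect_spray(SAMPLE_LOG).items():
        print(source, "->", "; ".join(reasons))
```

A spray distributed across many source addresses would not be caught by per-source grouping; the same two checks can be run over all failures in the tenant instead.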
Amid the evolving cybersecurity landscape, Gary Orenstein, Chief Customer Officer at Bitwarden, emphasized the importance of educating employees on robust passwords, two-factor authentication (2FA), and recognizing social engineering attacks. Building awareness through simulations or interactive modules can foster a resilient cybersecurity posture within organizations.
Facing the challenge of nation-state actors, Microsoft acknowledged the necessity of robust incident response plans and threat intelligence monitoring. The company highlighted the shift in the balance between security and business risk, indicating a need for expedited security measures, even if they disrupt existing business processes, to counteract the evolving threat landscape posed by state-sponsored attacks.