Breaches at Microsoft and the Federal Government
It has been a hectic week for cybersecurity. I can’t even begin by saying “the big news you might have heard about is,” because that could apply to at least two separate things. This past weekend, Microsoft disclosed a data breach of its Outlook, Hotmail and MSN systems. Although no passwords or email content were exposed, the fact that hackers were able to break into Microsoft’s systems with such ease should merit attention. I say ‘such ease’ because all they had to do was acquire a customer support agent’s login credentials. Emphasizing this point is Robert Vamosi, Senior Product Marketing Manager at ForgeRock, who says “When large corporations like Microsoft are compromised by malicious third parties, it should serve as an example to organizations everywhere that no one is safe from cyberattacks.”
Regardless of scope, Microsoft is advising people to change their passwords.
Meanwhile, we have severe news of publicly shared information on thousands of federal law enforcement personnel. Names, phone numbers, and home and email addresses were stolen by a group of hackers and posted online, affecting employees at the FBI, Secret Service, Capitol Police and US Park Police. The hackers in this incident targeted websites affiliated with the non-profit group FBI National Academy Associates (FBINAA). Apparently the core technical culprit was the third-party software they were using. But this was only stage one. Next came hacked information from six government databases associated with three non-profits.
This case is a good example of insider threats. Several of the hackers were actually from one group’s state chapter.
Even so, according to another non-profit’s survey (the Internet Society’s Online Trust Alliance), the federal government is actually the best at protecting consumer information. Out of seven industries, government scored highest, while healthcare ranked last.
“By far, the biggest tactic bad guys use is someone steals your credentials. E-mail represents a starting point of 90% of attacks,” states Jeff Wilbur, the group’s technical director. Indeed, we’ve already seen such an example in the Microsoft case.
This ease of access may make people nervous, but those uncertainties should be channeled into action. Monitoring your financial statements, bank accounts, and even what you share online are all critical but relatively simple steps in this day and age. And for those who do use any of the aforementioned Microsoft services, please, change your passwords.