SolarWinds hackers hit Microsoft

The infamous SolarWinds data breach made headlines a few years back, when a Russian cyber crime group breached the US Treasury and Commerce departments through an IT security vendor called SolarWinds. Over a hundred private companies were also affected. The ripples from that incident, which we covered thoroughly, extended well beyond the initial breach.

Now, according to reports, the very same team of thieves, often going by other names but currently designated as Midnight Blizzard, has broken into Microsoft’s corporate email systems and accessed the accounts of employees, cybersecurity and legal teams, and senior company leaders alike. This group is reportedly part of Russia’s SVR foreign intelligence agency, which raises the severity of their activities.

While Microsoft so far claims that the incident has not had a material impact on business operations, it cannot currently forecast any impact on its finances. Microsoft reveals that the SVR group compromised credentials on a legacy test account, which then allowed a brute force attack to compromise the accounts of Microsoft leadership. It is a technique to which they also attribute 40 more attempted breaches of organizations worldwide, through Microsoft Teams chats. A single old password was all it took in this case, and the mission was on.

This incident appears to fall under the category of legacy applications as an access point for hackers. Cyber criminals often find these to be quick footholds, since legacy vectors are outdated and often neglected by organizations in favor of new technology. Unlike vulnerabilities in services or software, the legacy problem is not always the first, most obvious point of exposure. And yet, for years now, legacy systems have represented a major problem for all business sectors.

Because many current regulations and policies mandate the encryption of sensitive data, complications can easily arise for legacy applications or devices that were implemented so long ago that it may be challenging to locate the source code or developer.

Keeping everything up to par with modern security protocols is especially difficult in these cases. NetLib Security’s Encryptionizer platform for desktops and servers can breathe new life into your critical legacy applications. Easy to use and deploy, it requires minimal configuration through our point-and-click utilities to encrypt the data of virtually any legacy application on the Windows or MS-DOS platform.

Request a free evaluation here, and let Encryptionizer prevent your legacy from becoming your future headache.


By: Jonathan Weicher, posted on January 24, 2023
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security