Microsoft employees accidentally exposed login credentials for important internal systems

Why it matters: Over the past few years, Microsoft has built a massive cybersecurity company capable of analyzing billions of threat signals every day. That said, it struggles to deal with the risks of accidental source code leaks and exposed credentials. According to a cybersecurity firm, this is one of the main challenges facing companies in the age of hybrid working.

It’s an open secret that Microsoft has a $15 billion cybersecurity business that tops all other products and services offered by the company. Office 365, Azure and Xbox are still big cash cows for the Redmond giant, but it’s hard to ignore the fact that nearly a third of overall revenue comes from identifying emerging security threats, dismantling botnets and helping various organizations secure their hybrid work infrastructure.

However, a cybersecurity firm called SpiderSilk (via Vice Motherboard) believes that Microsoft also needs to improve its own security posture. Apparently, several Microsoft employees failed to follow good security practices and managed to expose sensitive login credentials on GitHub.

Microsoft, owner of GitHub, confirmed the results. Turns out the credentials exposed were for Azure, which is Microsoft’s cloud service. All were linked to an official Microsoft Tenant ID and some were still active when SpiderSilk discovered them. A Microsoft spokesperson explained that there was no evidence of unauthorized access and that the company was already taking steps to prevent accidental sharing of credentials.

This indicates that the Redmond giant is moving quickly when it comes to reducing the attack surface of its corporate infrastructure, but it also highlights the importance of security hygiene at a time when cyberattacks, ransomware campaigns and data breaches are on the rise. According to Check Point Software, the frequency of these attacks increased by 42% worldwide in the first half of 2022 compared to the same period last year.

For obvious reasons, the company was reluctant to say which internal systems could be accessed via the exposed credentials. At least in theory, once an attacker gains access to a point of interest, they may be able to move horizontally or vertically through enterprise infrastructure. For example, machine-to-machine credentials that enable seamless integration between services can sometimes provide nearly unlimited access to an organization’s systems.

Mossab Hussein, Chief Security Officer of SpiderSilk, notes that “we continue to see accidental source code and credential leaks as part of an enterprise’s attack surface, and it is becoming increasingly more difficult to identify quickly and accurately. This is a very difficult problem for most businesses these days.”

Over the past few years, SpiderSilk researchers have reported several security incidents, including a massive leak of Samsung data, exposed passwords of Elsevier users, personal information of WeWork customers uploaded by developers and a leaked list of Electronic Arts Slack channels.

In a similar vein, Microsoft recently halted a multi-year cyber-espionage campaign by a Russian state-sponsored group known as “Seaborgium.” The threat actor had used a mix of social engineering, credential theft and sophisticated impersonation of business contacts to target key people in NATO countries.

The company has also started rolling out a tamper protection feature for Microsoft Defender for Endpoint on macOS, which is a boon for sysadmins dealing with Apple machines.
