TLDR:
- Microsoft Exchange Online service was hacked by a group affiliated with China due to weak security culture.
- The Cyber Safety Review Board recommended reforms in Microsoft’s security practices and industry-wide control mechanisms.
Summary:
The Cyber Safety Review Board released a report in late March detailing the successful hacking of Microsoft Exchange Online service by a group affiliated with the People’s Republic of China. The report highlighted the inadequacy of Microsoft’s security culture as a contributing factor to the breach. The hackers were able to compromise Microsoft cryptographic signing keys through an employee’s compromised laptop, gaining access to and exfiltrating information from Microsoft’s email service, including the accounts of key U.S. government officials.
The report recommended that Microsoft formulate and publicly disclose a plan to reform its security practices and hold senior officers accountable. It also suggested diverting personnel to focus on product security improvements and implementing modern control mechanisms and digital identity standards in cloud services industry-wide. The report also called for the adoption of a minimum standard for cloud service audit logging to aid in intrusion detection and investigation.
Ultimately, the report aims to bring about change in Microsoft’s security culture to prevent future breaches, while also setting industry-wide standards for cloud service providers to enhance cybersecurity practices.