After years of transparency issues, bypassed patches and rocky communication practices with the security community, infosec professionals say Microsoft has failed to uphold its end of the security bargain.
Frustrations came to a head with a breach Microsoft disclosed last month when a Chinese nation-state threat actor, dubbed Storm-0558 by the tech giant, gained access to 25 organizations that included U.S. government agencies. The threat actor breached accounts by exploiting a “token validation issue,” according to Microsoft, through Outlook Web Access in Exchange Online and Outlook.com.
The attacks were notable because they were first detected by the U.S. government, not Microsoft itself. CISA said a federal civilian executive branch (FCEB) initially discovered suspicious activity in its Microsoft 365 environment in June.
CISA’s advisory stated it only detected the attack because the FCEB had enabled enhanced logging for its Microsoft 365 services, available to the most premium 365 license agreement levels E5 and G5. “CISA and FBI are not aware of other audit logs or events that would have detected this activity,” the advisory said.
In response, Microsoft plans to roll…
