In a seemingly recurring theme, Microsoft disclosed that a China-based adversary has exploited a vulnerability in its cloud platform. The cyber attack exposed email data for 25 organizations, including federal government agencies, according to the White House. First detected by the U.S. government in mid-June, the vulnerability enabled hackers to forge authentication tokens to gain access to individual email accounts.
This flaw, which has now been mitigated, highlights the need for layered data security so that, when vulnerabilities are exploited, measures are still in place to block unauthorized access to sensitive information, regardless of where it resides.
As emphasized in the Microsoft vulnerability brief, cyber attacks continue to escalate in frequency and sophistication — with email as a primary target for intelligence gathering. That’s why security leaders should be prioritizing data-centric protection for data flowing through vectors like email, file-sharing platforms, and SaaS apps.
According to Microsoft:
On June 16, 2023, based on customer reported information, Microsoft began an investigation into anomalous mail activity. Over the next few weeks, our investigation revealed that beginning on May 15, 2023, Storm-0558 gained access to email data from approximately 25 organizations, and a small number of related consumer accounts of individuals likely associated with these organizations. They did this by using forged authentication tokens to access user email using an acquired Microsoft account (MSA) consumer signing key… We added substantial automated detections for known indicators of compromise associated with this attack to harden defenses and customer environments, and we have found no evidence of further access.
Hackers had access to this data for at least a month before the vulnerability was reported, according to The New York Times.
The Washington Post reported that “The number of U.S. email accounts believed to be affected so far is limited, and the attack appeared targeted, though an FBI investigation is ongoing, said a person familiar with the matter who spoke on the condition of anonymity because of the matter’s sensitivity.”
While this vulnerability has been mitigated, it raises two important questions that every organization must answer:
The more measures in place to safeguard access to the data itself, the stronger your security posture. Many organizations lean on Microsoft’s native security controls to protect information in email, file-sharing platforms, and SaaS apps, but because Microsoft continues to be a primary target of cyber attacks and an uncomfortably frequent victim of data breaches, it’s wise to put additional data protections in place.
TLDR: When data access is managed separately from system access, you have a degree of separation so that, should someone gain unauthorized access to your systems, they won’t automatically have access to the data, too.
Some of the ways that Virtru can help you put these additional data protections into place are through:
When it comes to collecting intelligence, email represents a treasure trove of corporate and personal information that can be used against you and your organization, and that can even pose threats to national security in the case of government agency and critical infrastructure data.
Beyond email, consider the other SaaS applications that your organization uses to manage customer or constituent data — apps like Salesforce, Zendesk,
At Virtru, we specialize in helping organizations safeguard information on the data object level, ensuring well-defined data access controls that extend beyond your organization’s perimeter and provide degrees of separation between system and data.