Microsoft Expands Cloud Logging to Counter Rising Nation-State Cyber Threats


(CTN News) – After it was criticized for a recent email infrastructure espionage attack, Microsoft announced Wednesday that it is expanding cloud logging capabilities to help organizations investigate cybersecurity incidents.

A growing number of nation-state cyber threats are forcing the tech giant to make the change. The expanded logging will be available to all government and commercial customers starting in September 2023.

“Our worldwide customers will soon have access to broader cloud security logs at no additional cost,” according to Vasu Jakkal, Microsoft’s corporate vice president of security, compliance, identity, and management.

“Microsoft Purview Audit customers will be able to visualize more types of cloud log data across their enterprise as these changes take effect.”

In addition to detailed email logs, users will also be able to access more than 30 other types of log data previously only available to Microsoft Purview Audit (Premium) subscribers.

Additionally, the Windows maker is extending the default retention period for Audit Standard customers from 90 days to 180 days.

It’s “a significant step forward toward advancing security by design principles” to have access to key logging data, according to US Cybersecurity and Infrastructure Security Agency (CISA).


A threat actor operating out of China, dubbed Storm-0558, breached 25 organizations by exploiting a validation error in Microsoft Exchange.

One of the affected entities detected the malicious mailbox activity in June 2023 as a result of enhanced logging in Microsoft Purview Audit, specifically the MailItemsAccessed mailbox auditing action, prompting Microsoft to investigate.

In contrast, other impacted organizations were not able to identify the breach because they did not hold E5/A5/G5 licenses, which provide elevated access to various kinds of logs.

However, Redmond said the adversary has been mounting OAuth application, token theft, and token replay attacks against Microsoft accounts since at least August 2021.

The company is investigating the intrusions, but to date it has not explained how the hackers were able to obtain an inactive Microsoft account (MSA) consumer signing key to forge authentication tokens and access customer email accounts via Outlook Web Access (OWA) in Exchange Online and Outlook.com.

Microsoft revealed last week that most Storm-0558 campaigns aim to gain unauthorized access to employees’ email accounts.

“Using the compromised user’s valid account credentials, Storm-0558 logs into the compromised user’s cloud email account and collects information from the email account via the web service.”


Salman Ahmad is a seasoned writer for CTN News, bringing a wealth of experience and expertise to the platform. With a knack for concise yet impactful storytelling, he crafts articles that captivate readers and provide valuable insights. Ahmad's writing style strikes a balance between casual and professional, making complex topics accessible without compromising depth.
