“Microsoft Corp. was wrapped into a massive cybersecurity attack late last year,” reports MarketWatch, “but the unprecedented intrusion may actually end up being a positive for the company’s bottom line.” UBS analyst Karl Keirstead, who has a buy rating and a $243 price target, said while Microsoft products were leveraged by hackers in the attack on SolarWinds Corp.’s Orion IT management software, because they are commonplace, “the broader cyber-security community are not pointing fingers at Microsoft.” Keirstead noted that the attack actually drove more customers into public cloud infrastructures like Azure, Amazon.com Inc.’s and Alphabet Inc.’s Google Cloud “given a view that cloud data centers are more secure and that constantly patching/updating on-premise software like Orion presents a security risk that can be transferred to Microsoft, Amazon or Google.” “Bottom line, we believe this cyber-security attack could be a modest net positive for Microsoft,” Keirstead said.Read more of this story at Slashdot.
Click here to read full news..
Microsoft drops victim to SolarWinds supply chain cyber-attacks
Microsoft Corp claims its systems were contaminated with malware rising from the SolarWinds violation, a springboard for attacks launched against United States government agencies as well as various other business that have actually emerged over recent days.
First reported yesterday (December 17) by Reuters, the Microsoft compromise shows up to have been sped up by a trojan hiding within updates to Orion, SolarWinds’ enterprise network monitoring software program.
In a statement, Microsoft validated that it had “found malicious SolarWinds binaries in our environment, which we isolated and eliminated”.
The tech giant said it had actually “not located evidence of access to manufacturing services or client data,” and also– although Reuters pointed out resources declaring or else– claimed it had “found absolutely no indications that our systems were made use of to assault others.”
The United States National Safety Agency has released a security advisory advising Microsoft Azure clients that some Microsoft cloud services may have been endangered. The sharp takes place to provide discovery and also remediation advice.
Path of destruction
The recently uncovered supply chain strike project, which could have started as early as March, endangered the networks of the United States Department of Homeland Security (DHS), as well as the Treasury, Commerce and also energy divisions.
Last week cyber risk discovery company FireEye ended up being the first organization to reveal that it had actually fallen victim to the assaults.
The attacks have actually been connected to Russian state-sponsored cybercrime gang APT29 (AKA Relaxing Bear).
Peeling off back the layers of the Orion
Orion is utilized to keep track of and take care of enterprise network properties such as servers, workstations, mobiles, as well as IoT devices.
SolarWinds customers likewise consist of the Government, NASA, the Division of Justice, the Workplace of the President of the United States, all five branches of the US army, as well as 425 of the US Ton of money 500.
In SEC documents filed on December 14, SolarWinds said that regarding 18,000 of 33,000 Orion consumers had actually downloaded updates that contained the back door.
SolarWinds has actually provided a safety and security advisory suggesting consumers on impacted products, applying safety updates, and also reduction actions.
Advanced cyber tradecraft
Nevertheless, in a safety and security consultatory released the other day, CISA said it had determined prospective access vectors besides Orion.
FireEye, it noted, has found that the adversary is warding off discovery and network analysis initiatives with techniques consisting of steganography, the usage of jeopardized or spoofed symbols for side activity, as well as time threshold checks to introduce uncertain delays between C2 communication attempts.
” Taken together, these observed methods suggest an enemy who is knowledgeable, sneaky with functional safety and security, and also is willing to use up substantial sources to keep hidden existence.”
,despite solarwinds microsoft azure business predicted ,despite solarwinds microsoft azure predicted ,solarwinds cyberattack azure business predicted benefit ,despite solarwinds azure business benefit ,despite cyberattack microsoft azure business predicted ,despite solarwinds microsoft azure business