Microsoft to offer some cyber security tools for free after suspected China hack

Microsoft said it plans to give away for free some tools that can detect cyberattacks that were unknown to some customers, following the revelation of a major security breach involving Chinese hackers last week.

The decision to open access to its back-end systems that log activities on the cloud came after Microsoft’s tiered payment system attracted criticism in the wake of an alleged Chinese cyber-espionage campaign, which the company said infiltrated its cloud-based email systems and compromised inboxes at nearly two dozen organizations globally. US officials said victims of the attack included officials from the State Department and the federal government, including Commerce Secretary Gina Raimondo.

Beginning in September, the technology company will make 31 critical security logs available free of charge to licensees of the company’s low-cost cloud services, including the type of email log that was used to identify the attack linked to China, said Vasu Jakkal, vice president of security at Microsoft. Jakkal said the company will also increase the retention period for security logs from 90 to 180 days.

While the logs do not prevent cyberattacks, companies use them to detect and investigate hacks because the logs keep track of activity on Microsoft’s servers. In the recent breach linked to China, officials said last week that key logging information needed to trace the attack was available only to buyers of Microsoft’s top-tier Microsoft 365 cloud service, known as E5. This left some customers on cheaper plans with no way of finding out if they had been hacked.

“This is an important step toward ensuring that every Microsoft customer has the right visibility to detect other threats we know about,” said Eric Goldstein, executive assistant director for cybersecurity at the US Cybersecurity and Infrastructure Security Agency, “that are targeting American organizations every day.”

Jakkal and Goldstein said the effort to identify valuable security logs and provide them free to Microsoft customers had been ongoing for a year and was the result of a collaboration between Microsoft and the Biden administration. Both declined to link Wednesday’s announcement directly to the alleged China hack. But Jakkal said, “Given the beauty of the landscape there was clearly an urgent need to complete it.”

Following the hack, senior Biden administration officials, a prominent Democratic senator and cybersecurity experts called on Microsoft to make computer logs of activity in the cloud more widely available. Once Microsoft became aware of the hacking campaign, which was first detected by the State Department, it was able to identify victims even though the companies targeted were not paying for premium service. But experts said a lack of visibility for some customers meant the attack went unnoticed for a long time.

Many companies are unaware that their cloud-computing products can come with incomplete logs, said Jake Williams, a cybersecurity consultant. Williams said, “I regularly consult with organizations that find out only when they have to investigate account takeovers.”

Democratic Senator Ron Wyden of Oregon welcomed the move, but said large cybersecurity businesses like Microsoft have misaligned incentives, making it attractive to offer unsecured products and sell customers on cybersecurity add-ons.

“Microsoft should not have done this many disastrous hacks of federal systems to standardize essential security features for government customers, but better late than never,” Wyden said in a statement. “Going forward, federal agencies must insist that software contracts include security logs and other cybersecurity features, so our national security is no longer compromised by shoddy procurement processes.”

In the alleged China breach, which Microsoft said dates back to May and was discovered about a month later, government officials said they were concerned that some users of Microsoft’s low-cost cloud offering would not be able to see the email logging information that led to the discovery of the breach.

Microsoft is continuing its investigation into the recent alleged China breach, but to date the company has not explained how the hackers were able to carry it out. Goldstein said Tuesday that the federal government is investigating the hack and working to understand its full implications. Officials have not formally linked the attack to Beijing, but have said they have no reason to suspect Microsoft was responsible. China denies the allegations and accuses the US of engaging in widespread cyber espionage.

“This was a sophisticated attack and we are working closely with Microsoft and the investigation is ongoing,” Goldstein said.