Last Friday, Microsoft published a statement on its security web site “Microsoft Security Response Center” announcing that the company suffered a cyber attacks like other major IT firms.
“As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion. Consistent with our security response practices, we chose not to make a statement during the initial information gathering process. During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing.” The advisor states.
According the giant of Redmond the number of infected computers was limited and also MAC machine were targeted by hackers, Microsoft doesn’t revealed the details of investigation that are still ongoing but confirmed that also in this case it has been used a malware that probably exploited a Java browser plug-in vulnerability.
The process of infection is tried, the victims simply visiting a compromised web site allowed the download of a malicious payload that infected the targeted machines.
The information collected since now let security expert think that a huge cyber espionage campaign is targeting the major IT enterprises to steal sensitive information and intellectual property, the dynamics of the event and schema of attacks suggest the involvement of a state-sponsored group of hackers.
Probably the cyber espionage campaign started several years ago exploiting vulnerabilities present in large consume products, it is shared thought that the attackers has assumed an active role in the research on dangerous software bugs.
To avoid serious problems it is suggested to follow few best practices:
- keep up to date every systems and defense systems.
- disable every browser plugin if it is not necessary.
- train personnel on cyber threats and how to mitigate them.
- establish efficient and responsive patch management process.
- implement an incident response procedures.
- share every information on the cyber attacks within security community and with law enforcement.
Sources: CDM and Microsoft