Microsoft hacked … another enterprise targeted by hackers

The list of big enterprises hacked is lengthening, after Apple , FacebookTwitter and major US press agencies such as NYT and The Washington Post, now it is Microsoft turn.

Last Friday, Microsoft published a statement on its security web site “Microsoft Security Response Center” announcing that the company suffered a cyber attacks like other major IT firms.

“As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion. Consistent with our security response practices, we chose not to make a statement during the initial information gathering process. During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing.” The advisor states.

microsoft-hacked

According the giant of Redmond the number of infected computers was limited and also MAC machine were targeted by hackers, Microsoft doesn’t revealed the details of investigation that are still ongoing but confirmed that also in this case it has been used a malware that probably exploited a Java browser plug-in vulnerability.

The process of infection is tried, the victims simply visiting a compromised web site allowed the download of a malicious payload that infected the targeted machines.

The information collected since now let security expert think that a huge cyber espionage campaign is targeting the major IT enterprises to steal sensitive information and intellectual property, the dynamics of the event and schema of attacks suggest the involvement of a state-sponsored group of hackers.

Probably the cyber espionage campaign started several years ago exploiting vulnerabilities present in large consume products, it is shared thought that the attackers has assumed an active role in the research on dangerous software bugs.

To avoid serious problems it is suggested to follow few best practices:

  • keep up to date every systems and defense systems.
  • disable every browser plugin if it is not necessary.
  • train personnel on cyber threats and how to mitigate them.
  • establish efficient and responsive patch management process.
  • implement an incident response procedures.
  • share every information on the cyber attacks within security community and with law enforcement.

Sources: CDM and Microsoft

Subscribe to Cyber Defense Magazine

Join our mailing list, no strings attached. We never sell your data. We'll send you monthly e-magazines, webinar invites from us and our partners, cybersecurity trade show updates, awards, infosec news, cybersecurity tips and so much more on all things cyber defense.
Subscribe

Related News

Protecting The Enterprise in The Digital Era
February 23, 2013

CyberDefenseMagazine Follow 24,016 54,487

Cyber Defense Magazine - The Premier Source for IT Security and Compliance Information. https://t.co/748STKH6k0.

cyberdefensemag

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Global InfoSec Awards for 2024 are now Open! Take advantage of co-marketing packages and enter today!

Show Me!
X