Microsoft Trims Cloud Cyberattack Surface in Security Push

Published: 23/11/2024   Category: security



The company has jettisoned hundreds of thousands of unused apps and millions of unused tenants as part of its Secure Future Initiative.



Microsoft so far has eliminated some 730,000 unused applications and 5.75 million inactive tenants within its cloud environment as part of its sweeping Secure Future Initiative (SFI), designed to shore up security following a couple of major intrusions into its network over the past year.
The company has also deployed 15,000 new, locked-down devices for software production teams over the past three months and implemented video-based identity verification for 95% of its production staff. In addition, Microsoft has updated its Entra ID and Microsoft Account (MSA) processes for generating, storing, and rotating access token signing keys for public and government clouds.
The changes are part of a broader Microsoft effort to reduce its attack surface, strengthen cloud identity and authentication mechanisms, and boost its ability to detect and respond to threats.
"Since the initiative began, we've dedicated the equivalent of 34,000 full-time engineers to SFI — making it the largest cybersecurity engineering effort in history," said Charlie Bell, executive vice president of Microsoft Security, in an update this week.
Microsoft launched SFI in November 2023, a few months after China's Storm-0558 breached the company's Exchange Online infrastructure and accessed email accounts across more than two dozen government agencies. Among those affected were senior officials working on US relations with China. In a second incident last year that Microsoft only discovered and reported in January 2024, Russia's Midnight Blizzard breached the company's corporate email accounts via a low-tech password spraying attack.
The US Department of Homeland Security's Cyber Safety Review Board (CSRB) conducted a fact-finding analysis of the Storm-0558 incident and concluded the intrusion stemmed from a cascade of security failures at Microsoft at a strategic and cultural level. The board made several recommendations for Microsoft to bolster cloud security, especially around identity and authentication.
Microsoft has identified six areas for improvement with SFI: identity and secrets; security around cloud tenants and production systems; protections for engineering systems; network security; threat detection and monitoring; and incident response and remediation.
Bell's report this week provided an update on the progress the company has been making in each of those areas. The updates to Entra ID and Microsoft Account, for instance, are part of an effort to better protect critical signing keys for remote authentication from misuse. Storm-0558 actors took advantage of a single, errant signing key and a vulnerability in Microsoft's authentication system to grant themselves the ability to access essentially any Exchange Online account around the world.
Similarly, the elimination of hundreds of thousands of unused apps and millions of inactive tenants is part of an effort to reduce the surface area for potential attacks against cloud tenants and production systems.
On the network security front, Microsoft has implemented mechanisms for improving visibility: The company now maintains a central inventory for more than 99% of physical assets on its production network. Virtual networks with backend connectivity are isolated from the Microsoft corporate network and subject to complete security reviews to reduce lateral movement, Microsoft's Bell wrote.
To protect engineering systems, Microsoft has begun using centrally managed pipeline templates for 85% of its production builds for the commercial cloud, reduced the lifespan of personal access tokens to seven days, and disabled Secure Shell Access to internal Microsoft engineering repos. Proof of presence checks are now mandatory for critical points along Microsoft's software development process.
This is the second update that Microsoft has provided on the progress the company has been making with SFI. A previous one in May focused largely on changes that Microsoft has been making at the organizational level to — among other things — hold executives directly responsible for security.
The changes the company has made at the organizational level include tying compensation for senior leadership to specific security goals and milestones, tying the threat intelligence team more tightly to the enterprise CISO's office, and requiring engineering and security teams to work together.
