Cybersecurity firm Tenable’s CEO Amit Yoran has accused Microsoft of being “blatantly negligent”, slamming the tech giant over last month’s attack on Azure.
The Chinese cyberattack has left Microsoft under mounting criticism, with Senator Ron Wyden (D-OR) calling on the Department of Justice and other agencies to investigate the attack and hold Microsoft accountable.
Microsoft’s track record in cybersecurity is “even worse than you think”, Yoran wrote in a LinkedIn post. Holding Microsoft accountable for the Chinese attack, he went on to add that the tech giant had demonstrated a “repeated pattern of negligent cybersecurity practices”.
Microsoft’s Delayed Response Was “Grossly Irresponsible”, Says Yoran
Microsoft, on 12th July, reported a major breach from a cyberattack that targeted its Azure platform, affecting more than 25 organizations. The attack resulted in the theft of sensitive emails from US government officials.
The attack was later traced back to Storm-0558, a Chinese hacking group. The attack was first detected by cybersecurity firm Tenable, which then alerted Microsoft.
Yoran also pointed out that according to data from Google’s Project Zero, Microsoft products accounted for 42.5% of all zero-day vulnerabilities since 2014.
However, Yoran revealed that the cybersecurity flaw in Azure, which allowed Chinese hackers to successfully carry out the attack, was already detected by Tenable back in March. The company also discovered that the flaw could allow malicious actors to gain access to a company’s sensitive information, including a bank’s.
Even after Tenable informed Microsoft of the cybersecurity flaw, the tech giant took “more than 90 days to implement a partial fix”, wrote Yoran, adding that the fix only applied to “new applications loaded in the service”.
This means the bank and all the other organizations which had launched the service before the detection of the flaw were still vulnerable and mostly in the dark about the risk.
Pointing out that Microsoft claims it will fix the issue by the end of September, i.e., four months after it was notified about the flaw, Yoran called the delayed response “grossly irresponsible, if not blatantly negligent”.
“We know about the issue, Microsoft knows about the issue, and hopefully threat actors don’t.” - Amit Yoran, Tenable CEO
Accusing Microsoft of building a culture of toxic obfuscation and offering very little transparency, he expressed his doubt regarding whether “Microsoft will do the right thing given the fact patterns and current behaviors”.
Responding to his criticism, Microsoft senior director Jeff Jones released a statement assuring that the company is carrying out a thorough investigation and updating development for all versions of the affected products.
Developing a security update that maximizes consumer protection while limiting or avoiding disruptions is a delicate balance between quality and timeliness, he stated.
Security Breaches: A Growing Nightmare for Tech Giant
This isn’t the first time that Microsoft has been involved in a major security breach. The infamous SolarWinds hack of 2020, for instance, affected agencies across the US government.
Later in 2021, security flaws in the Microsoft Exchange Server software resulted in more than 30,000 US governmental and commercial organizations having their emails hacked.
Understandably, the big tech company is under increasing pressure to address security flaws across its platforms and services. New rules at the Securities and Exchange Commission will require companies to report a hack within days of discovery, forcing them to become more forthcoming about security issues.
It remains to be seen if Microsoft will face any action over its alleged negligence and the resulting cyberattack.
Copyright for syndicated content belongs to the linked Source : TechReport – https://techreport.com/news/microsoft-slammed-by-tenable-ceo-for-blatantly-negligent-cybersecurity-practices/