Microsoft Expands Free Logging Capabilities for all U.S. Federal Agencies

News

Feb 24, 2024NewsroomActive Directory / Data Protection

Microsoft has expanded free logging capabilities to all U.S. federal agencies using Microsoft Purview Audit irrespective of the license tier, more than six months after a China-linked cyber espionage campaign targeting two dozen organizations came to light.

“Microsoft will automatically enable the logs in customer accounts and increase the default log retention period from 90 days to 180 days,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said.

“Also, this data will provide new telemetry to help more federal agencies meet logging requirements mandated by [Office of Management and Budget] Memorandum M-21-31.”

Cybersecurity

Microsoft, in July 2023, disclosed that a China-based nation-state activity group known as Storm-0558 gained unauthorized access to approximately 25 entities in the U.S. and Europe as well as a small number of related individual consumer accounts.

“Storm-0558 operates with a high degree of technical tradecraft and operational security,” the company noted. “The actors are keenly aware of the target’s environment, logging policies, authentication requirements, policies, and procedures.”

The campaign is believed to have commenced in May 2023, but detected only a month later after a U.S. federal agency, later revealed to be the State Department, uncovered suspicious activity in unclassified Microsoft 365 audit logs and reported it to Microsoft.

The breach was detected by leveraging enhanced logging in Microsoft Purview Audit, specifically using the MailItemsAccessed mailbox-auditing action that’s typically available for Premium subscribers.

The Windows maker subsequently acknowledged that a validation error in its source code allowed for Azure Active Directory (Azure AD) tokens to be forged by Storm-0558 using a Microsoft account (MSA) consumer signing key, and then use them to penetrate the mailboxes.

Cybersecurity

The attackers are estimated to have stolen at least 60,000 unclassified emails from Outlook accounts belonging to State Department officials stationed in East Asia, the Pacific, and Europe, Reuters reported in September 2023. Beijing has denied the allegations.

It also faced intense scrutiny for withholding basic-yet-crucial logging capabilities to entities that are on the more expensive E5 or G5 plan, prompting the company to make changes.

“We recognize the vital importance that advanced logging plays in enabling federal agencies to detect, respond to, and prevent even the most sophisticated cyberattacks from well-resourced, state-sponsored actors,” Microsoft’s Candice Ling said. “For this reason, we have been collaborating across the federal government to provide access to advanced audit logs.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Products You May Like

Articles You May Like

CISOs Turn to Indemnity Insurance as Breach Pressure Mounts
THN Recap: Top Cybersecurity Threats, Tools, and Practices (Nov 04 – Nov 10)
Researchers Warn of Privilege Escalation Risks in Google’s Vertex AI ML Platform
Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victims
Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes

Leave a Reply

Your email address will not be published. Required fields are marked *