Microsoft will expand free cloud sign-up after recent hacking attacks, TechTarget reports.
Microsoft’s announcement is in response to criticism it has received regarding the lack of registration data for certain cloud services licenses. The criticism stemmed from a series of attacks by a China-based threat actor that broke into the email accounts of about 25 organizations, including several U.S. federal agencies.
The perpetrator of the threat, which Microsoft has named Storm-0558, used a stolen Microsoft System Account (MSA) key to forge access tokens that allowed the attacker to gain access to Outlook Web Access email accounts on Exchange Online and Outlook.com. The threat activity was originally discovered in June by an unnamed Federal Civilian Executive Branch (FCEB) agency that reported the attack to Microsoft.
CISA noted that the FCEB agency was only able to detect the intrusion because it had enabled enhanced logging for its Microsoft 365 services, which provided the agency’s security team with relevant data about the compromised email accounts.
Eric Goldstein, who is executive assistant director for cybersecurity at CISA, wrote in a blog post that the agency has been working with Microsoft over the past few months to determine the types of logs needed to identify cyberattacks.
He said asking organizations to pay more for the required logging is “a recipe for inadequate visibility when investigating cyber security incidents”. It could allow bad actors to reach dangerous levels of success in attacks against U.S. organizations.