Microsoft Exchange hack to be investigated by US Cyber Safety Board

Follows a request made by Senator Wyden to initiate measures against Microsoft

A review to be conducted by the US Department of Homeland Security's Cyber Safety Review Board (CSRB) will focus on malicious attacks against cloud computing environments.

As part of the review, the CSRB intends to examine a high-profile breach that impacted Microsoft's Exchange Online email platform earlier this year.

The CSRB represents a collaborative effort between government and industry leaders, aimed at enhancing understanding of noteworthy cybersecurity occurrences. It was established last year by the Department of Homeland Security (DHS) in accordance with an executive order signed by President Joe Biden in 2021.

The initiative encompasses delving into the root causes, countermeasures, and responses associated with such incidents, ultimately resulting in the formulation of recommendations.

The Board lacks regulatory authority and does not function as an enforcement entity. Its primary objective is to discern pertinent insights from past experience, enabling the enhancement of future practices and the heightened safeguarding of communities within the nation.

CSRB's first report focused on the operations of the cybercriminal group Lapsus$.

The upcoming review will centre around strategies that government entities, industries, and Cloud Service Providers (CSPs) can implement to enhance identity management and authentication mechanisms within the cloud.

The suggested measures will subsequently be conveyed to the Cybersecurity and Infrastructure Security Agency (CISA) as well as the present US administration, and it will be their responsibility to determine the necessary steps for safeguarding government systems and accounts.

"We must as a country acknowledge the increasing criticality of cloud infrastructure in our daily lives and identify the best ways to secure that infrastructure and the many businesses and consumers that rely on it," said CSRB chair and DHS under secretary for policy Rob Silvers.

Alejandro Mayorkas, secretary of Homeland Security, said that organisations of all kinds are increasingly dependent on cloud computing to provide services to the American people, underscoring the importance of comprehending the vulnerabilities inherent in this technology.

"Cloud security is the backbone of some of our most critical systems, from our e-commerce platforms to our communication tools to our critical infrastructure," Mayorkas added.

The review follows a request made by US Senator Ron Wyden in July, who urged the Federal Trade Commission, CISA and the Justice Department to initiate measures against Microsoft in response to the hack.

In his letter, the Senator asked the CSRB to examine whether Microsoft's lax security measures enabled the hack.

Microsoft has faced growing scrutiny subsequent to disclosures that hackers, purportedly acting on behalf of Beijing, obtained access to one of its cryptographic keys.

After exploiting a coding vulnerability, the hackers managed to exploit broad access to the company's cloud email platform.

Microsoft has also faced criticism due to the fact that evidence of the hack was visible exclusively to customers who subscribed to a premium logging tier. Microsoft has since announced that customers will be granted broader logging and storage capabilities without any extra charges.

The company has attributed the attacks to a threat actor named Storm-0558, operating out of China.

Prior to this incident, US officials had voiced apprehensions regarding potential cyberattack emanating from state-supported Chinese hackers, an accusation consistently refuted by China.