DHS releases findings on Microsoft Exchange hack; said it could've been prevented

Key notes

  • DHS report finds Microsoft security lapses led to major cyberattack.
  • Report urges Microsoft to improve security and share a public reform plan.
  • Cloud service providers need stricter controls and better transparency.

The Department of Homeland Security (DHS) unveiled a critical report today describing a major security lapse by Microsoft that led to a cyberattack on its Exchange Online platform in July 2023. The report, produced by the Cyber Safety Review Board (CSRB), identifies flaws in Microsoft’s security practices and outlines recommendations for the company and the cloud service industry as a whole.

The CSRB said that the attack, attributed to a group affiliated with the Chinese government, could have been prevented. The report points to a lack of prioritization of security measures by Microsoft, which created vulnerabilities that hackers were able to exploit.

“Individuals and organizations across the country rely on cloud services every day, and the security of this technology has never been more important. Nation-state actors continue to grow more sophisticated in their ability to compromise cloud service systems. Public-private partnerships like the CSRB are critical in our efforts to mitigate the serious cyber threat these nation-state actors pose. The Department of Homeland Security appreciates the Board’s comprehensive review and report of the Storm-0558 incident. Implementation of the Board’s recommendations will enhance our cybersecurity for years to come,” said Secretary of Homeland Security Alejandro N. Mayorkas.

The CSRB asks Microsoft to take immediate action. Its recommendations include a public plan outlining fundamental security reforms across Microsoft’s products. Thankfully, Microsoft has already confirmed cooperation with the review board.

The recommendations are not only for Microsoft. The CSRB has also issued a series of recommendations for all cloud service providers (CSPs) to strengthen their security. These recommendations include:

  • stricter access controls, 
  • baseline audit logging, and 
  • improved transparency regarding vulnerabilities and incidents.

The DHS press release also covers the recommendations for the U.S. government.

The creation of the CSRB in 2022 underscores the growing importance of cybersecurity. Collaboration between government, industry leaders, and cloud providers strengthens defenses against cyberattacks.
