Microsoft Bolsters Cloud Logging to Tackle Nation-State Cyber Risks
In response to the growing threats posed by nation-state cyberattacks, Microsoft has announced an expansion of its cloud logging capabilities.
The move aims to empower organizations with enhanced visibility and investigation capabilities to counter cybersecurity incidents. This decision comes after a recent espionage attack campaign targeted Microsoft’s email infrastructure, leading the tech giant to take proactive measures.
Key Takeaways:
- Microsoft’s Response: Expanding cloud logging capabilities to address the rising frequency and sophistication of nation-state cyber threats.
- Access to Detailed Logs: Users will have access to more comprehensive cloud security logs, including detailed email access data and over 30 other log types.
- Extended Retention Period: The default retention period for Audit Standard customers will be increased from 90 to 180 days.
Amidst the escalating nation-state cyber threats and growing concerns over cybersecurity incidents, Microsoft has taken decisive action to bolster its cloud logging capabilities. In a recent announcement, the tech giant revealed its plan to expand logging functionalities, empowering organizations to better investigate and respond to cyber incidents.
The move comes in the aftermath of an espionage attack campaign that targeted Microsoft’s email infrastructure, highlighting the need for increased security measures.
Enhanced Cloud Logging for Greater Visibility
Acknowledging the evolving nature of nation-state cyber threats, Microsoft is set to roll out an expansion of its cloud logging capabilities, starting from September 2023.
The initiative aims to provide all government and commercial customers with access to wider cloud security logs, allowing organizations to investigate cybersecurity incidents more effectively.
As part of this expansion, users will receive detailed logs of email access and over 30 other types of log data, which were previously accessible only at the Microsoft Purview Audit (Premium) subscription level.
Extending Data Retention Period
To further enhance cybersecurity measures, Microsoft will extend the default retention period for Audit Standard customers from 90 days to 180 days.
This extended data retention will facilitate comprehensive investigations and enable organizations to gain deeper insights into potential threats and attacks.
By granting access to key logging data, Microsoft aims to empower customers to mitigate cyber intrusions quickly, reinforcing security-by-design principles.
Nation-State Cyberattacks Prompt Proactive Measures
The decision to expand cloud logging capabilities comes in the wake of a recent espionage attack campaign linked to a threat actor known as Storm-0558, operating from China.
This actor targeted 25 organizations, exploiting a validation error in the Microsoft Exchange environment. The incident raised concerns about detecting breaches effectively and the importance of elevated access to crucial logs for thorough investigations.
Continuous Investigation and Preparedness
Microsoft is actively investigating the intrusions carried out by Storm-0558, focusing on understanding the attacker’s methods and the acquisition of an inactive Microsoft account (MSA) consumer signing key.
The objective of the attacker appears to be unauthorized access to email accounts, highlighting the significance of robust logging capabilities to detect and respond promptly to cyber threats.
Conclusion
As the landscape of nation-state cyber threats continues to evolve, technology companies like Microsoft play a vital role in enhancing cybersecurity measures.
By expanding cloud logging capabilities and providing organizations with detailed access to essential logs, Microsoft takes proactive steps to empower its customers in investigating and mitigating cyber incidents.
The decision is a testament to Microsoft’s commitment to bolstering security and resilience in the face of evolving cyber risks.