Taking note of how serious the recent Microsoft Exchange hacks are, the US government has appointed the Cyber Safety Review Board to conduct an in-depth review of cloud security practices.

Results from this review will be shared with the US Parliament and CISA for implementation of appropriate measures. The same board previously worked on the Log4j case and the Lapsus gang. The latest review on cloud security will help organisations stay secure amidst active cyber attacks.

Analysing the Great Hack

Though Microsoft is a reliable service provider, cybercriminals often target it because its products are used extensively and are a critical element of most sensitive organisations. The recent hack by a Chinese threat actor (tracked as Storm-0558) was one such incident, in which the hackers breached the Microsoft Exchange servers of 25 organisations, including US and Western European government agencies.

An internal investigation by Microsoft revealed that the hackers had obtained a Microsoft consumer signing key and used it to make forged keys to log in to the targeted accounts. This allowed them to monitor and steal the emails of government organisations, resulting in a significant breach.

Though Microsoft revoked the stolen signing key and fixed the API flaw, it’s still unknown how the hackers acquired the key in the first place. This led the US Department of Homeland Security to assign the Cyber Safety Review Board (CSRB) to conduct an in-depth review of cloud security practices.

The board will explore how the government, industry, and cloud service providers can bolster identity management and authentication in the cloud industry and craft actionable cybersecurity recommendations for all stakeholders – the public and private sectors involved in the board.

The recommendations will be forwarded to CISA and the US Parliament for enactment, to help secure the cloud industry. The CSRB previously worked on analysing the Log4j case and the activities of the Lapsus gang.