WebProNews

Tag: Tom Burt

  • Microsoft Buying Cybersecurity Startup Miburo

    Microsoft Buying Cybersecurity Startup Miburo

    Microsoft is continuing its efforts to bolster cybersecurity, announcing a deal to purchase startup firm Miburo.

    Miburo is a cybersecurity startup that specializes in detecting and responding to foreign information operations. The company works to detect and analyze “malign influence and extremism,” working with cybersecurity professionals, intelligence agencies, law enforcement, and the military. Microsoft sees the startup as a good fit for its own cybersecurity efforts.

    “Miburo, led by founder Clint Watts, will become part of the Customer Security and Trust organization,” writes Tom Burt, Corporate Vice President, Customer Security and Trust. “Working in close collaboration with the Microsoft Threat Intelligence Center, our Threat Context Analysis team, our data scientists and others, the new analysts from Miburo will enable Microsoft to expand its threat detection and analysis capabilities to address new cyber-attacks and shed light on the ways in which foreign actors use information operations in conjunction with other cyber-attacks to achieve their objectives. Miburo has become a leading expert in identification of foreign information operations. Miburo’s research teams detect and attribute malign and extremist influence campaigns across 16 languages.”

    The announcement comes on the heels of multiple efforts by Microsoft to shore up its cybersecurity business, including a new security managed service, Microsoft Defender Experts.

  • Microsoft: Russia-Backed SolarWinds Hackers Targeting Cloud Services

    Microsoft: Russia-Backed SolarWinds Hackers Targeting Cloud Services

    Microsoft is warning that Nobelium, the group behind the SolarWinds attack, is active again and targeting cloud services.

    Nobelium is a hacker group that is backed by and part of the Russian intelligence service SVR. The group was responsible for the devastating SolarWinds attack in 2020. The hack hit multiple US government agencies, as well as high-profile corporations, including Microsoft.

    Tom Burt, Microsoft Corporate Vice President, Customer Security & Trust, is warning in a blog post that the group is once again active, and is targeting companies that provide cloud services.

    Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain. This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers. We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers.

    Burt warns that Nobelium has already been extremely active in 2021,

    These attacks have been a part of a larger wave of Nobelium activities this summer. In fact, between July 1 and October 19 this year, we informed 609 customers that they had been attacked 22,868 times by Nobelium, with a success rate in the low single digits. By comparison, prior to July 1, 2021, we had notified customers about attacks from all nation-state actors 20,500 times over the past three years.

    The increased rate of attacks seems to indicate that Russia is working to achieve a long-term digital foothold in various cloud infrastructure platforms.

    This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government.

    The revelation is further evidence of the importance of companies and organizations of all sizes having strong, comprehensive security policies in place and building their products with a security-first mindset.

  • Hackers Targeting COVID-19 Vaccine Companies

    Hackers Targeting COVID-19 Vaccine Companies

    Microsoft has revealed that “nation-state” actors have been targeting the companies and researchers working on COVID-19 vaccines.

    According to Microsoft, one of the groups, Strontium, originates in Russia. Two others hail from North Korea. The three groups have targeted companies and researchers in Canada, France, India, South Korea and the US.

    “Among the targets, the majority are vaccine makers that have Covid-19 vaccines in various stages of clinical trials,” writes Tom Burt – Corporate Vice President, Customer Security & Trust. “One is a clinical research organization involved in trials, and one has developed a Covid-19 test. Multiple organizations targeted have contracts with or investments from government agencies from various democratic countries for Covid-19 related work.”

    To help protect companies and researchers, Microsoft has made its AccountGuard available at no cost to COVID-19 healthcare providers.

    “Organizations are also taking steps to protect themselves. In April, we announced that we were making AccountGuard, our threat notification service, available to health care and human rights organizations working on Covid-19,” continues Burt. “Since then 195 of these organizations have enrolled in the service and we now protect 1.7 million email accounts for health care-related groups. Any health care-related organizations that wish to enroll can do so here.”

    It’s a sad state of affairs that hackers would continue to take advantage of the COVID-19 pandemic. Microsoft is to be commended for its efforts to help protect researchers.