Takeaways for Microsoft cloud customers and partners after the SolarWinds breach
In December 2020, federal investigators and the tech industry discovered an astonishing systems breach dating back to March and most likely launched by the Russia-backed Cozy Bear hacking group. The massive exploit targeted SolarWinds' software publishing infrastructure, leading many to refer to it as the SolarWinds breach. But in fact, attackers appear to have also gained access to Microsoft customers' Azure and Office 365 credentials through vulnerabilities in Microsoft partners' systems. As more details about this widespread breach of federal agencies and private organizations come to light, how should customers and partners understand what has happened and prepare for future risks?
MSCloudNews reached out to partners and security experts for their perspectives, including on the important question of data security in the customer-partner relationship.
Shoring up the partner approach to security and handling security questions in the customer relationship
Emerging details about the breach indicate that SolarWinds was attacked through its build system, possibly accessed through an Office 365 account. Attackers modified SolarWinds' software distribution, sending slightly modified copies of its network monitoring software, Orion, out to customers. This trojan was activated to steal vital data, funneling it back to attackers under the guise of legitimate SolarWinds traffic.
Microsoft's own software was also implicated. At least one reseller was targeted for a supply chain attack, while the Zerologon vulnerability in Microsoft's Netlogon authentication protocol let attackers get at usernames and passwords in every Microsoft network they breached.
Pascal Geenens, director of threat intelligence for Microsoft partner Radware, shared his thoughts on the breach: