- Microsoft will no longer send threat proof of concepts to Chinese firms
- The alerts are part of the MAPP vulnerability alert system
- Many believe the Chinese government was involved in the recent SharePoint attack
Access to Microsoft’s early warning system for cybersecurity vulnerabilities will be reduced for some companies following a campaign of attacks which leveraged vulnerabilities in the company’s SharePoint platform to target as many as 400 organizations.
Microsoft has restricted access for Chinese firms after suspicions that Beijing was involved in the attacks, with many believing there was a leak in Microsoft’s Active Protections Program (MAPP) – the system Microsoft uses to alert security firms of threats to help them pre-empt hacks and pro-actively defend against attackers.
These vulnerabilities have now been patched, but have previously been observed in the wild being used to deploy ransomware. The flaw allowed attackers to extract cryptographic keys from Microsoft client servers, in turn allowing them to install programmes onto the server, including backdoors or malware.
In the wrong hands
Experts believe the most likely scenario for the explosion of SharePoint attacks was thanks to a rogue member of the MAPP program – and as such, Microsoft will no longer send ‘proof of concept code’ to Chinese firms.
This refers to a demonstration of a concept that helps security teams prepare for an attack by adapting their systems.
TechRadar Pro has reached out to Microsoft to ask about any updates on its investigation, but the firm so far has not offered a comment.
On the other hand, if threat actors are alerted to the defender’s plans, they get a head start and can evolve their tactics.
Microsoft identified the possibility in which attackers exploit the alert system; “which is why we take steps – both known and confidential – to prevent misuse”
“We continuously review participants and suspend or remove them if we find they violated their contract with us which includes a prohibition on participating in offensive attacks,” the company confirmed.
Via Reuters
You might also like
https://cdn.mos.cms.futurecdn.net/5041fbe73089e0689408c540ac34ef05.jpg
Source link
