Software security is a fast-paced, ever-evolving landscape. In fact over the past year, it is estimated that ransomware attempts have increased by more that 200 percent. This is just one reason why software security is integral to everyday business processes and new, innovative methods are needed to safeguard the security of software, network and business data.
Microsoft is an industry-recognized leader in cybersecurity and Desktop as a Service (DaaS) solutions. They’ve noticed a change in cyberthreat methods within recent years. And in response, they’ve designed an action plan to address this.
If you use Microsoft’s solutions, this is the article for you as we’ll be investigating:
- Recent Microsoft Azure Cloud Attacks
- Microsoft’s New Cybersecurity Approach
- The Secure Future Initiative
- Windows 10 End of Life Plans
Recent Microsoft Azure Cloud Attacks
Microsoft’s Azure portal has unfortunately experienced more than its fair share of cyberattacks over the past few years. But with almost one billion users worldwide, Azure is a prime target for threat actors. Some of the more notable attacks in recent years, include:
- 2020: Microsoft cloud services and SolarWinds software were compromised in a cyberattack that inserted a back door and gave the threat actors access to sensitive information. This attack took several months before it was detected and eliminated.
- 2021: Over 30,000 U.S. government and business email servers were hacked through loopholes found in Microsoft’s Exchange Service. A patch was issued, but the extent of the damage is still unknown.
- May - June 2023: Threat actors forged authentication tokens to access email accounts via Outlook Web Access in Exchange Online. They remained undetected for a month. The breached email accounts were across approximately 25 organizations, including government and business accounts. A patch has since been issued.
- June 9, 2023: Microsoft customers received error messages when trying to access the Azure portal. The DDoS attack focused on level layer 7 of the portal, which can mimic legitimate website traffic. Microsoft has since increased level layer 7 security, including fine tuning its Azure Web Application Firewall against future attacks.
Due to these and other attacks, Microsoft has decided to revamp their default security, in an effort to prevent future cyberattacks.
Microsoft's New Cybersecurity Approach
There are some big changes in store for how Microsoft develops and secures its software. In a November 2, 2023 blog article, Microsoft outlined their three part plan, by writing:
- First, we will transform the way we develop software with automation and AI.
- Second, we will extend what we have already created in identity to provide a unified and consistent way of managing and verifying the identities and access rights of our users, devices, and services, across all our products and platforms.
- Lastly, we are continuing to push the envelope in vulnerability response and security updates for our cloud platforms.
The Secure Future Initiative
Due to the increasing speed, scale and sophistication of cyberattacks, Microsoft chose to pivot and launched their Secure Future Initiative (SFI) – a plan designed to outline Microsoft’s new direction in cybersecurity protection.
The basis of this initiative focuses on AI cyber defenses, advances in fundamental software engineering and advocacy for stronger application of international norms to protect civilians from cyber threats.
More specifically, Microsoft will leverage more automation and AI to find security risks and software vulnerabilities. In addition, AI will be used to build a cybershield, designed to detect threats “as fast as the internet itself,” according to Brad Smith Microsoft vice chair and president.
This new direction in cybersecurity was largely spearheaded by the need to reduce the amount of time Microsoft takes to respond to major security vulnerabilities. “We plan to cut the time it takes to mitigate cloud vulnerabilities by 50 percent,” said Charlie Bell, head of Microsoft security.
Windows 10 End of Life Plans
Microsoft is planning to stop supporting Windows 10 on October 14, 2025. All editions will remain in support with monthly security update releases up until this date. However, users will also have the option of enrolling their PCs into Microsoft’s paid, annual Extended Security Update subscription program for security updates after regular support has stopped.
This change in operating systems will make many business (and home) PCs running Windows 10, obsolete. Therefore, we suggest that you start planning now for the continuity of your PC fleet.
In general, computers have a lifespan of approximately five years before they start running into costly speed reduction or repair issues. However, Microsoft’s decision to end automatic support for Windows 10 may move along your refresh plans a little faster.
The enhanced security features of Windows 11 are designed to create additional interference against malware, ransomware and other complex cyberattacks. These enhanced functionalities encouraged the planned sunsetting of the less secure Windows 10 product.
Communication, Collaboration and Productivity
Get everyone in your organization on the same page. Contact Elevity for a review of your Microsoft licensing. You could be eligible to streamline and simplify your licensing for greater cost savings. Why wait?