Microsoft Now Alerting Users To State-Sponsored Attacks - InformationWeek
12/31/2015
11:05 AM

Microsoft Now Alerting Users To State-Sponsored Attacks

Microsoft is changing its policy after a Reuters report revealed that the company didn't alert users under similar previous circumstances.


Microsoft is joining a host of other tech giants in tweaking its information security policies, announcing it will now notify its users if Redmond believes an account has been targeted or compromised by an individual or group working on behalf of a nation state.

The announcement follows a Dec. 30 Reuters report that cited former Microsoft employees and claimed the company did not tell users that Chinese authorities had hacked over a thousand Hotmail accounts years ago.

When contacted by Reuters, the company also confirmed that it had not told the users of the hack, which was first discovered by Trend Micro back in May 2011.

"We're committed to helping our users keep their personal information secure and private," Scott Charney, Microsoft's corporate vice president of trustworthy computing, wrote in a blog post. "A key part of our work is identifying and preventing unauthorized access to your Microsoft Account, including Outlook.com email and OneDrive, by anyone other than you."


Microsoft already notifies users if the company believes their accounts have been targeted or compromised by a third party. The company also provides guidance on measures users can take to keep their accounts secure.

Redmond also noted that the evidence it collects in any active investigation may be sensitive, so the company does not plan on providing detailed or specific information about the attackers or methods they use.

However, when the evidence reasonably suggests the attacker is state sponsored, Charney said Microsoft will say so.

Microsoft is just the latest major tech company to refine its alert process. Earlier this week, Yahoo announced it is planning to notify its customers if the company suspects that their accounts have been hacked by parties working on behalf of governments.

These new Yahoo notifications will provide targeted users with specific actions they can take to help ensure that their Yahoo accounts are safe and secure.

Microsoft also provided a list of steps that it said everyone should take to help keep their online personal information secure. These include turning on two-step verification, which makes it harder for hackers to access an account even if they guess the user's password: anyone who tries to sign in on a device Microsoft doesn't recognize will be asked for an extra security code.

Microsoft allows its users to complete the second step from a special app on their smartphones, or to have the code sent to a different email address or through an SMS text message.

The company also recommends making sure the password contains a mix of letters, numbers, and symbols, isn't a complete word, and is different from the password used on other sites, and suggests it's best to change the password often.


To protect against viruses on Windows PCs, Microsoft said users should turn on Windows Update to ensure the PC and Microsoft software stay up to date, and install reputable anti-virus and anti-malware software.

The company noted both Windows 8.1 and Windows 10 already include free anti-malware software called Windows Defender.

The Microsoft Account Security Page also provides information on the steps users can take to better protect personal data and make any necessary changes.


Nathan Eddy is a freelance writer for InformationWeek. He has written for Popular Mechanics, Sales & Marketing Management Magazine, FierceMarkets, and CRN, among others. In 2012 he made his first documentary film, The Absent Column. He currently lives in Berlin.

Comments
jries921,
User Rank: Ninja
1/4/2016 | 1:18:52 PM
Good thing
We'll see how long it lasts.  I'm sure there are several authoritarian governments that are very unhappy about this, but if western providers stick together, there won't be much they can do.
nasimson,
User Rank: Ninja
1/4/2016 | 9:37:07 AM
Re: Serious Consequences
@tzubair: Microsoft wants to continue to operate in China. No? :) One cannot operate in China and say NO to the Chinese govt.
Li Tan,
User Rank: Ninja
1/3/2016 | 4:29:23 PM
Re: Serious Consequences
Exactly - the privacy must be protected properly. Furthermore, the backdoor is not acceptable to give hackers the opportunity to exploit.
batye,
User Rank: Ninja
1/1/2016 | 11:26:02 PM
Re: Serious Consequences
@tzubair, sad reality: we are entering a new stage of state-sponsored cyber wars...
tzubair,
User Rank: Ninja
12/31/2015 | 12:27:24 PM
Serious Consequences
 

"the company did not tell users that Chinese authorities had hacked over a thousand Hotmail accounts years ago"

I think this has to be a very serious issue which did not surface much in the news. If the authorities managed to hack and download all the emails from these accounts, these could lead to very serious consequences. Regardless of whether these people were potential criminals, I don't think the country or any authority should get this right.

 