Microsoft has announced via its Security Response Center blog that it has been the victim of a hack similar in nature to those experienced by Apple and Facebook recently. Matt Thomlinson, General Manager of Trustworthy Computing Security at Microsoft, has penned a blog post on the matter.
Thomlinson makes reference to the Facebook and Apple hacking events by name, indicating that the vector for attack was the same. These incidents relied on an exploit for a zero-day Java vulnerability, injected into an iOS developer website without the owner’s knowledge.
Microsoft chose not to make a statement during the ‘initial information gathering process’, says Thomlinson. The investigation turned up a ‘small number’ of infected computers, including some in the Mac business unit. Thomlinson says that they were infected with malicious software using ‘similar techniques’ to those already documented by Facebook and Apple. Microsoft has no evidence of affected customer data at this time.
“This type of cyber attack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries,” Thomlinson adds. “We continually re-evaluate our security posture and deploy additional people, processes, and technologies as necessary to help prevent future unauthorized access to our networks.”
This latest round of hacks began to come to light earlier this month, with Twitter acknowledging that it was hacked and that up to 250k user accounts may have been compromised. It continued with Facebook announcing that a Java exploit had been used to install malware on employee computers. Apple was the next to go public, noting that the same methods that had been used to attack other organizations were also in play.
The vector for these attacks was the popular iOS development site iPhone Dev SDK. We previously detailed exactly how the hack was implemented without the owner of the site even knowing.
All cases used a previously unknown Java vulnerability, which Apple patched on Mac computers after the hacking was uncovered. The timeline for the malware’s presence on the site is still under investigation, but it looks as if the hacker ended it voluntarily on January 30th.
Earlier today, in what appears to be an unrelated incident, Microsoft Azure components went down worldwide, affecting many services including Xbox Live. The cause of that appears to be an expired security certificate.
As our own Emil Protalinski notes, this kind of ‘watering hole’ attack is only going to get worse as time goes on, and affects those of us who are ‘computer savvy’ just as much as it does novices.