Google Criticizes Microsoft’s Cybersecurity Following Analysis of Recent Attacks
Google’s cybersecurity experts, following an analysis of recent cyber-attacks on Microsoft services, concluded that the software giant is “incapable of securing its systems and therefore its clients’ data”.
Failure to Report Security Vulnerability
Google’s report suggests that Microsoft failed to adequately inform the public about a security vulnerability exploited by Chinese hackers last year for an attack on Exchange email servers. This attack provided hackers access to the contents of U.S. government officials’ mailboxes, including those in the national security sector.
Claims Backed by U.S. Cybersecurity Evaluation Council
Google cites the findings of the U.S. Cybersecurity Evaluation Council (CSRB), part of the Department of Homeland Security (DHS). The CSRB had earlier concluded that Microsoft’s clients were inadequately informed about this cyber-event. As a result, these clients were unable to gauge accurately the impact of the hacker attack on them.
Hackers’ Exploitation of Consumer Account Sign-in Key
In the attack, hackers utilized the sign-in key of consumer Microsoft accounts to generate fake tokens, facilitating access to accounts on the Outlook Web App (OWA) and Outlook.com. Microsoft has not been able to determine how the hackers stole the sign-in key. Google’s report emphasized that Microsoft’s failure to identify how the malicious actors obtained access to this information illustrates “clear proof” that the software giant cannot prevent future cyber-attacks on itself and its customers.
Google Recommends Its More Secure Alternative
“The recurring security issues regarding Microsoft necessitate a better alternative for both organizations and government contractors”, stated Google’s message. The company is confident that its Google Workspace platform is a more secure alternative. Additionally, Google offers discounts to corporate and government clients migrating from Microsoft services. Companies can avail of 18 months of free Workspace usage with a three-year contract.
This post was last modified on 05/20/2024