Microsoft becomes third company to suffer compromise via malicious website visit

Share this article:
Microsoft fixes Internet Explorer and 'blue screen of death' vulnerabilities on Patch Tuesday
Microsoft fixes Internet Explorer and 'blue screen of death' vulnerabilities on Patch Tuesday

Microsoft has confessed that it has fallen victim to the same attack as both Facebook and Apple.

In a blog post, Matt Thomlinson, general manager of Microsoft's Trustworthy Computing Security, said that Microsoft can confirm that it also recently experienced a similar security intrusion to the internet giants.

He said: “Consistent with our security response practices, we chose not to make a statement during the initial information gathering process. During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organisations. We have no evidence of customer data being affected and our investigation is ongoing.”

The incident is extremely similar to the one suffered by Facebook, who discovered that its systems had been targeted in a sophisticated attack when some employees visited a mobile developer website that had been compromised, and Apple, whose employees had visited a website for software developers that had been infected with malicious software.

Web development company iPhoneDevSDK shouldered the responsibility for the Facebook compromise, with administrator Ian Sefferman saying that it was alerted to the fact that its site was "part of an elaborate and sophisticated attack whose victims included large internet companies" and prior to media attention, it had no knowledge of the breach and hadn't been contacted by Facebook, any other company, or any law enforcement about the potential breach.

Thomlinson said: “This type of cyber attack is no surprise to Microsoft and other companies that must grapple with determined and persistent adversaries. We continually re-evaluate our security posture and deploy additional people, processes and technologies as necessary to help prevent future unauthorised access to our networks.”

Share this article:

SC webcasts on demand

This is how to secure data in the cloud

Exclusive video webcast & Q&A sponsored by Vormetric

As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.

View the webcast here to find out more