CISA issued the ED 24-04 after a Microsoft breach to help federal agencies

Microsoft's security system falls short of customer expectations

Reading time icon 2 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

ED 24-04 seen through AI image generation

The Cybersecurity and Infrastructure Security Agency (CISA) issued the Emergency Directive (ED 24-04). CISA took this action to ensure that federal agencies remediate their compromised data. If you didn’t know, the Russian state-sponsored cyber actor Midnight Blizzard targeted Microsoft corporate accounts. Also, they have accessed correspondence with the Federal Civilian Executive Branch (FCEB).

Microsoft revealed that the attackers managed to access its source code repositories. However, the company says there is no evidence that the hackers breached customer services. Yet, CyberScoop reported the appearance of ED 24-04 two days ago.

What does the Emergency Directive (ED 24-04) do?

The ED 24-04 urges federal agencies to investigate the security breaches. In addition, they should change login credentials, API keys, and identification tokens. On top of that, potentially affected agencies should take additional steps to ensure the security of their Microsoft Azure accounts. Also, CISA will help federal agencies comply with it and complete the requirements by April 30, 2024.

Consider the ED 24-04 a warning and check your Microsoft accounts. In addition, if you have any suspicions, contact your Microsoft account team for additional questions. You can also contribute to CISA research by submitting malware samples and infected files. After all, the security agency has a new malware analysis system known as Malware Next-Gen.

Unfortunately, we don’t know the number of federal agencies affected by the hackers. Yet, CISA claims they all received email notifications after the ED 24-04.

The US Cyber Safety Review Board (CSRB) considers that Microsoft could have prevented the attack. Thus, the board thinks that Microsoft lacks a proper security culture. However, the CSRB report showcases various failures made by the tech giant before, during, and after the attack.

Ultimately, Microsoft is falling short of customer expectations. Additionally, threat actors keep finding ways to breach the company. For example, a recent breach allowed threat actors to access a poorly defended Azure server. On top of that, Chinese hackers managed to steal 60,000 emails from the US State Department. Thus, the ED 24-04 is a great preventive call for all companies using Microsoft services.

What do you think? Should the US Government seek solutions from other companies? Let us know in the comments.

More about the topics: Cybersecurity, microsoft, Microsoft Azure