Defaced by Syrian Electronic Army

It turns out that the Syrian Electronic Army (SEA) is up to its old tricks today. The news came to me in a flurry of messages from folks. They had noticed that Microsoft's site had been defaced. 

Shortly after I took the initial screen shot I went back to check and sure enough it appears that the site was scrubbed completely and was a base IIS7 image at the time of this writing. 

I'm awaiting a message back from the folks at Microsoft as to what actually transpired. 

If I was a betting man I would hazard that one of the blog site administrators was phished and hat their credentials compromised leading to the defacement. 

Their other common attack is to compromise the DNS (Domain Name Service) and repoint the domain. In this case it doesn't appear to have been the case. 

When I checked on the IP address it was in fact part of a Microsoft owned IP block

Once I hear from Microsoft I will update the article. Hopefully this was only a cosmetic defacement and no customer data was accessed.

[UPDATE]: I received a response from Microsoft today (Jan 21) regarding the breach. They said, “A targeted cyberattack temporarily affected the Microsoft Office blog and the account was reset. We can confirm that no customer information was compromised.  Microsoft continues to take a number of actions to protect our employees and accounts against this industry-wide issue.” a Microsoft spokesperson.

(Thanks to Jason, Brett, Scott and A for the heads up)

Cybersecurity market research: Top 15 statistics for 2017