Risky Bulletin: New Microsoft Accounts Will Be Passwordless by Default
Podcast Information:
- Title: Risky Bulletin
- Host/Author: risky.biz
- Episode: Risky Bulletin: New Microsoft accounts will be passwordless by default
- Release Date: May 2, 2025
- Description: Regular cybersecurity news updates from the Risky Business team.
Introduction
In the May 2, 2025 episode of Risky Bulletin, host Claire Aird presents a comprehensive overview of the latest developments in the cybersecurity landscape. The episode, prepared by Catalin Cimpanu, delves into significant updates ranging from Microsoft's shift to passwordless authentication to major breaches affecting prominent companies.
Microsoft Embraces Passwordless Authentication
Microsoft is making a pivotal change by instituting passwordless logins as the default for all new user accounts. This initiative leverages advanced authentication methods such as passkeys and facial recognition to enhance security and user experience.
"New Microsoft accounts will be passwordless by default. Login alternatives will include passkeys or facial recognition."
— Claire Aird [00:04]
Microsoft has also revamped its login interface to make passwordless options more attractive to users. Since integrating passkey support a year prior, the company has witnessed the creation of over a million passkeys daily, as reported by the Dutch government.
US Dominates the European Cybersecurity Market
The European Union’s reliance on foreign entities for cybersecurity services remains a concern. US-based companies command a substantial 75% share of the EU cybersecurity market, leaving only 25% occupied by European providers. This imbalance has prompted EU officials to advocate for reallocating some defense funds towards bolstering internal cybersecurity capabilities.
"US companies dominate the European cybersecurity market, with EU providers making up just 25%."
— Claire Aird [02:15]
Security Breaches in UK Retail Sector
Two major UK retail chains, Co-op and Harrods, have recently disclosed security breaches aimed at infiltrating their internal systems. In response, Co-op has partially disabled its IT infrastructure and mandated that employees keep their cameras on during virtual meetings to detect potential insider threats.
"Retailer Co-op has disabled part of its IT system and has told staff to turn cameras on during virtual meetings."
— Claire Aird [03:05]
Harrods has taken the precautionary step of disconnecting Internet access at its stores while investigating the breach. These incidents underscore the persistent vulnerability of the retail sector to cyberattacks.
Additionally, Marks & Spencer experienced a significant financial setback, losing £500 million in market value following a cyberattack earlier in the week.
Commvault and Grafana Suffer Breaches
Backup software giant Commvault announced a breach in its Azure environment, attributing the intrusion to a state-sponsored group. Fortunately, the attackers did not access customer backup data, and the incident is unrelated to a recent flaw exploited in on-premises Commvault backup servers.
"The company says the breach in February was the work of a state-sponsored group, but the attackers did not gain access to customer backup data."
— Claire Aird [04:20]
Meanwhile, Grafana, known for its IT monitoring solutions, reported unauthorized access to its GitHub repository and authentication tokens. The breach was traced to a newly deployed GitHub action. Grafana has since rotated all exposed tokens and found no evidence of further compromise.
Geopolitical Cyber Threats
US officials have accused China of orchestrating a cyberattack on Guatemala's Ministry of Foreign Affairs in September 2022. The breach was uncovered during a collaborative investigation between the Guatemalan government and the US military, highlighting ongoing tensions in cyber espionage.
In related news, Artem Stryzhak, a Ukrainian national linked to the Nefilim ransomware gang, was extradited from Spain to the US. Stryzhak's arrest marks a significant development in the fight against ransomware operations targeting North American and Australian enterprises.
Apple Alerts Users to Government Spyware
Apple has issued a new round of notifications to over 100 countries' users, warning them about potential government spyware targeting their devices. Notable recipients of these alerts include an Italian journalist and a Dutch right-wing activist, indicating the breadth of Apple’s protective measures.
"Apple has sent a fresh round of notifications to users who may have been targeted with government spyware."
— Claire Aird [05:00]
Phishing and Cryptocurrency Threats
Cryptocurrency wallet owners, particularly those using Ledger, are being targeted by threat actors sending meticulously crafted paper letters. These letters impersonate Ledger’s security team and prompt recipients to validate their wallets via a QR code, leading to phishing pages designed to steal recovery phrases and drain wallets.
In other crypto-related news, eXch, a cryptocurrency mixer service, has ceased operations following its ties to money laundering activities. Launched in 2014 and gaining popularity in 2022, eXch facilitated the laundering of funds from significant hacks involving Parity Wallet, Bitbrowser, and Bybit.
"Cryptocurrency mixer eXch has shut down operations after being linked to money laundering."
— Claire Aird [06:10]
RansomHub Compromised by DragonForce
RansomHub, a prominent ransomware group, has been offline for over a month after being compromised by rival group DragonForce. There has been no new activity reported on hacking forums, and dark web portals associated with RansomHub remain dormant. DragonForce affiliates appear to have transitioned to utilizing the Qilin ransomware strain.
Chinese APT Group Exploits Software Updates
A sophisticated Chinese Advanced Persistent Threat (APT) group, known as Wizards, has been targeting organizations across Southeast Asia by hijacking software updates. Active since 2022, Wizards employs a tool named Spell that uses IPv6 SLAAC (stateless address autoconfiguration) spoofing to redirect DNS queries: a spoofed Router Advertisement steers victims toward attacker-controlled DNS resolvers. This technique allows them to replace legitimate software updates with malicious versions, compromising targeted systems.
"A Chinese APT group is hijacking software updates in organizations across Southeast Asia using a novel technique."
— Claire Aird [07:30]
Security firm ESET has connected this APT to Dianke Network Security Technology (UPSEC), shedding further light on the group's operational tactics.
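The SLAAC-based DNS redirection described above is detectable on the wire: a defender can parse IPv6 Router Advertisements and flag any RDNSS option that advertises a resolver outside the expected set. The following is an added example, not code from the podcast or from ESET; it assumes an allowlist containing the documentation-prefix address 2001:db8:1::53 and builds a constructed sample RA in memory (nothing is sent) to exercise the parser.

```python
import ipaddress
import struct

# Assumed allowlist: the resolvers this network legitimately advertises (constructed value).
EXPECTED_RESOLVERS = {ipaddress.IPv6Address("2001:db8:1::53")}

ND_ROUTER_ADVERT = 134  # ICMPv6 type for Router Advertisement (RFC 4861)
OPT_RDNSS = 25          # Recursive DNS Server option (RFC 8106)


def parse_ra_options(icmpv6: bytes):
    """Yield (type, payload) for each ND option in an ICMPv6 Router Advertisement.

    Layout: 4-byte ICMPv6 header, 12 bytes of RA fields (hop limit, flags, router
    lifetime, reachable time, retrans timer), then options encoded as
    type (1 byte), length in 8-octet units (1 byte), data.
    """
    if len(icmpv6) < 16 or icmpv6[0] != ND_ROUTER_ADVERT:
        raise ValueError("not a Router Advertisement")
    off = 16
    while off + 2 <= len(icmpv6):
        opt_type, opt_len = icmpv6[off], icmpv6[off + 1]
        if opt_len == 0:  # RFC 4861 forbids zero-length options; treat as malformed
            raise ValueError("zero-length ND option")
        end = off + opt_len * 8
        if end > len(icmpv6):
            raise ValueError("truncated ND option")
        yield opt_type, icmpv6[off + 2:end]
        off = end


def rdnss_addresses(payload: bytes):
    """RDNSS payload: 2 reserved bytes, 4-byte lifetime, then N x 16-byte addresses."""
    lifetime = struct.unpack("!I", payload[2:6])[0]
    addrs = [ipaddress.IPv6Address(payload[i:i + 16]) for i in range(6, len(payload) - 15, 16)]
    return lifetime, addrs


def rogue_resolvers(icmpv6: bytes, expected=EXPECTED_RESOLVERS):
    """Return every DNS resolver the RA advertises that is not on the allowlist."""
    rogue = []
    for opt_type, payload in parse_ra_options(icmpv6):
        if opt_type == OPT_RDNSS:
            _, addrs = rdnss_addresses(payload)
            rogue.extend(a for a in addrs if a not in expected)
    return rogue


def build_ra(resolvers, lifetime=1800):
    """Constructed sample RA (checksum left zero, never transmitted) to exercise the parser."""
    header = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, 0, 1800, 0, 0)
    data = struct.pack("!HI", 0, lifetime) + b"".join(ipaddress.IPv6Address(r).packed for r in resolvers)
    return header + bytes([OPT_RDNSS, 1 + 2 * len(resolvers)]) + data


# Constructed sample: one legitimate resolver plus one that is not on the allowlist.
SAMPLE_RA = build_ra(["2001:db8:1::53", "2001:db8:bad::1"])
```

In a real deployment the same check would run over RAs captured from the LAN, with findings forwarded to the SIEM alongside the advertising router's link-local source address.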
Raytheon Penalized for Cybersecurity Non-Compliance
Defence contractor Raytheon has agreed to pay an $8.4 million fine for failing to meet Pentagon cybersecurity requirements. The infraction pertains to contracts held between 2015 and 2021, with non-compliance revealed by a former director of engineering. As part of the settlement, the former director received $1.5 million.
"Raytheon has agreed to pay $8.4 million for failing to comply with Pentagon cybersecurity requirements."
— Claire Aird [08:45]
Conclusion
The episode of Risky Bulletin offers an in-depth examination of the current threats and developments in cybersecurity, emphasizing the critical need for robust security measures across various sectors. From Microsoft's transition to passwordless authentication to geopolitical cyber threats and significant breaches affecting major corporations, the bulletin underscores the evolving challenges in safeguarding digital infrastructure.
This summary captures the key discussions, insights, and conclusions presented in the Risky Bulletin episode titled "New Microsoft accounts will be passwordless by default." For more detailed information, listening to the full episode is recommended.
