Many questions, few answers in latest Microsoft hack
Today: Security experts are concerned about the lack of details accompanying Microsoft's hack disclosure late last week, Oracle joins the generative AI parade, and the latest funding rounds in enterprise tech.
Welcome to Runtime!
Friday night blight
How did a notorious hacking group gain access to the email accounts of senior Microsoft leaders for almost two months before it was discovered?
Microsoft released very few details about the latest breach of its own systems in a classic late-afternoon Friday news dump last week. What we do know is that Nobelium, a group linked to the Russian government that Microsoft now tracks as Midnight Blizzard, got in by using a "password spray attack" (trying a small set of common passwords against many accounts, which keeps the attempts against any one account below lockout thresholds) to force its way into a "legacy non-production test tenant account." The company isn't saying much about how the attackers got from that entry point to some of Microsoft's most sensitive mailboxes.
- "How does a non-production test environment lead to the compromise of the most senior officials in Microsoft (and) their emails?" wondered George Kurtz, CEO of CrowdStrike, in an interview with CNBC on Monday. "I think there's a lot more that's going to come out on this."
- Kurtz is a longtime Microsoft competitor and a regular critic of its security strategy, but he's not wrong.
- "This is pretty dangerous," said Alex Stamos, chief trust officer at SentinelOne, in a separate interview on CNBC Monday. "This is the second major announcement of an email hack (at Microsoft) by a state-sponsored intelligence agency," he said, referring to last year's breach by the China-based group Microsoft calls Storm-0558, which captured the Microsoft 365 emails of several Biden administration officials and also went undetected for weeks.
- All major cloud vendors are under constant attack from state-sponsored hackers and criminal groups, but none of them have reported anything quite as significant as these two incidents in the last year.
Nobelium, considered part of Russia's SVR foreign intelligence service, is one of the most notorious hacking groups in operation. It was behind the devastating SolarWinds supply-chain attack uncovered in late 2020, which lit a fire under the federal government to push for stronger security practices.
- Microsoft has been tracking the group for years: Last year it warned that Nobelium was using social engineering over Microsoft Teams to try to trick users at fewer than 40 organizations into giving up two-factor authentication codes.
- In 2021, Microsoft released a four-part video series (the actual videos seem to have vanished) outlining how it helped discover the SolarWinds attack, which it called "the most sophisticated nation-state cyberattack in history."
- Nobelium also overlaps with APT29, better known as Cozy Bear, the Russia-backed group that stole emails from the Democratic National Committee in 2015.
As the IRA once said, attackers only need to be lucky once while defenders need to be lucky always, and cybersecurity at this level is a constant game of cat and mouse. But this is turning into a disturbing pattern at Microsoft, which likes to think of itself as a world leader in cybersecurity.
- Microsoft says it has found no evidence that customer environments were affected this time, at least. But given the role logging data played in discovering last summer's attack (a State Department analyst spotted the anomalous mailbox access in the department's own audit logs), it's troubling that the company's internal teams were unable to detect this intrusion for weeks.
- "The incident shows, like in earlier such cases, that even the most sophisticated cyber security systems are far from being adequate," Deepak Kumar, founder analyst and chief research officer at BMNxt Business and Market Advisory, told CSO.
- In response to that earlier event, Microsoft pledged to harden its internal security policies, but clearly didn't move fast enough. Stamos told CNBC that password-spray attacks can be blunted with multifactor authentication, since a guessed password alone is then no longer enough to sign in, and that test tenant account appeared to lack it.
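Stamos's point covers prevention. The other question the disclosure leaves open is why a spray against one of Microsoft's own tenants went unnoticed for weeks, and the detection side is simple enough to show. What follows is an added example, not Microsoft's code and not drawn from its disclosure: a small detector run over constructed sign-in log lines. The log format, account names, IP addresses and thresholds are all assumptions made for illustration.

```python
"""Password-spray detection over sign-in telemetry (added example).

A spray tries a few common passwords against MANY accounts so no account sees
enough failures to lock out. In sign-in logs that is the inverse of brute
force: one source IP, many distinct users, one or two failures each, often
followed by a single success. MFA is what makes that success useless; this is
the monitoring side. Format, names, IPs and thresholds are all constructed.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample telemetry: <UTC time> <account> <source IP> <outcome>.
# 203.0.113.7 sprays six accounts with one password, retries with a second
# password 20 minutes later and gets into the legacy test account.
# 198.51.100.9 hammers a single account (brute force, not a spray).
# 192.0.2.5 is an ordinary successful sign-in.
SAMPLE_LOG = """\
2023-11-28T03:00:01Z alice@test.example.com 203.0.113.7 FAILURE
2023-11-28T03:00:04Z bob@test.example.com 203.0.113.7 FAILURE
2023-11-28T03:00:07Z carol@test.example.com 203.0.113.7 FAILURE
2023-11-28T03:00:10Z dave@test.example.com 203.0.113.7 FAILURE
2023-11-28T03:00:13Z erin@test.example.com 203.0.113.7 FAILURE
2023-11-28T03:00:16Z legacy-test@test.example.com 203.0.113.7 FAILURE
2023-11-28T03:05:00Z carol@test.example.com 198.51.100.9 FAILURE
2023-11-28T03:05:03Z carol@test.example.com 198.51.100.9 FAILURE
2023-11-28T03:05:06Z carol@test.example.com 198.51.100.9 FAILURE
2023-11-28T03:05:09Z carol@test.example.com 198.51.100.9 FAILURE
2023-11-28T03:05:12Z carol@test.example.com 198.51.100.9 FAILURE
2023-11-28T03:05:15Z carol@test.example.com 198.51.100.9 FAILURE
2023-11-28T03:20:01Z alice@test.example.com 203.0.113.7 FAILURE
2023-11-28T03:20:04Z bob@test.example.com 203.0.113.7 FAILURE
2023-11-28T03:20:07Z carol@test.example.com 203.0.113.7 FAILURE
2023-11-28T03:20:10Z dave@test.example.com 203.0.113.7 FAILURE
2023-11-28T03:20:13Z erin@test.example.com 203.0.113.7 FAILURE
2023-11-28T03:20:16Z legacy-test@test.example.com 203.0.113.7 SUCCESS
2023-11-28T09:12:44Z alice@test.example.com 192.0.2.5 SUCCESS
"""

@dataclass(frozen=True)
class SignIn:
    ts: datetime
    user: str
    ip: str
    ok: bool

def parse_log(text: str) -> list[SignIn]:
    """Parse the whitespace-separated sample format into SignIn records."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, user, ip, outcome = line.split()
            events.append(SignIn(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                                 user.lower(), ip, outcome == "SUCCESS"))
    return events

def detect_spray(events, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Return {source_ip: finding} for sources whose failures fit the spray shape.

    Per source IP, slide `window` over its failed sign-ins and keep the window
    with the most distinct accounts; flag it if that covers >= min_users accounts
    with no account failing more than max_per_user times (many users, few tries).
    Successes from the same source after the spray began are the accounts it won.
    """
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_ip[e.ip].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        failures = [e for e in evs if not e.ok]
        best, best_key, start = None, (0, 0), 0
        for end in range(len(failures)):
            while failures[end].ts - failures[start].ts > window:
                start += 1
            win = failures[start:end + 1]
            per_user = Counter(e.user for e in win)
            if (len(per_user), len(win)) > best_key:
                best, best_key = (win, per_user), (len(per_user), len(win))
        if best is None:
            continue
        win, per_user = best
        if len(per_user) < min_users or max(per_user.values()) > max_per_user:
            continue  # too few accounts, or one account hit too often
        findings[ip] = {
            "distinct_users": len(per_user),
            "failures": len(win),
            "first": win[0].ts,
            "last": win[-1].ts,
            "successful_users": sorted({e.user for e in evs
                                        if e.ok and e.ts >= win[0].ts}),
        }
    return findings

if __name__ == "__main__":
    for ip, f in detect_spray(parse_log(SAMPLE_LOG)).items():
        print(ip, f["distinct_users"], "accounts,", f["failures"], "failures, got in as",
              f["successful_users"] or "nobody")
```

Run as is, the script flags 203.0.113.7 (six accounts, eleven failures, one success against the legacy test account) and ignores the brute-force source, which touched only one account. Two caveats apply when adapting this to real telemetry: a patient attacker spreads a spray across many source addresses and over days, so grouping by network or user agent and widening the window catches more, and the success at the end only matters when MFA is absent, which is exactly the gap Stamos was pointing at.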
Microsoft eventually released some details on how the China attack happened, and Stamos called on it to quickly do the same in response to this incident.
- "SVR is going after hundreds and hundreds of American companies," he said. "With Microsoft not being transparent and not being open about what's going on, it does not rebuild the trust people have in them nor does it allow the rest of us to protect ourselves."
Better late than never
Oracle gained a bit more ground against its cloud infrastructure rivals Tuesday when its generative AI service became generally available, long after similar services were released by Microsoft, Google, and AWS. OCI Generative AI was developed in partnership with Cohere, which has received a substantial amount of investment from Oracle, but also supports Meta's Llama 2 open-source large-language model.
The company is hoping that its customers will see value in using the generative AI service alongside their existing Oracle databases and ERP software, which could be a cheaper way to train custom models than using other services. But with support for only two models at launch, the service might not fit the needs of every customer.
And last month Oracle blamed a cloud revenue shortfall on its inability to get enough data centers up and running, which is a problem considering how much computing power is required by generative AI applications. It plans to increase capital spending in the second half of its fiscal year, which ends in May, but six months is a long time in generative AI.
Silverfort raised $116 million in Series D funding, bringing the total amount raised by the identity-management company to $222 million.
Oleria landed $33 million in Series A funding to further develop its own take on identity access-management technology.
Vicarius raised $30 million in Series B funding to bolster its vulnerability detection and remediation software.
Clerk scored $30 million in Series B funding to expand beyond identity management software and into access controls.
Prismatic raised $22 million in Series A funding for its low-code app integration builder.
The Runtime roundup
Microsoft created a new internal team working on lower-cost alternatives to OpenAI's LLMs, according to The Information.
SAP will offer new jobs or buyouts to 8,000 employees but said its overall headcount won't change by the end of the year.
Zscaler is in talks to acquire data analysis startup Avalor for more than $250 million in hopes of adding Avalor's platform technology to its cybersecurity software, according to Calcalist.
Wasabi acquired GrayMeta's Curio AI to help its media and entertainment customers add structure to their video data.
Chronosphere snapped up Calyptia, the startup behind the open-source Fluentd and Fluent Bit logging technology, to build out its observability product.
Thanks for reading — see you Thursday!