Announcing the new certification for Microsoft Teams voice engineers

By GitaSharma

We’re happy to announce that the new Microsoft 365 Certified: Teams Voice Engineer Expert certification is now in general availability. To earn this certification, you must pass Exam MS-720: Microsoft Teams Voice Engineer and also earn the Microsoft 365 Certified: Teams Administrator Associate certification.

This certification is a much-anticipated addition to our Microsoft Teams and Microsoft 365 skilling offerings, as it addresses integral customer and partner needs. If you’re a telecommunications professional who knows how to plan, design, configure, maintain, and troubleshoot an integrated communications solution using Microsoft Teams, this expert certification can help you validate your technical skills and move your career forward.

Celebrate with the world: Post badges on LinkedIn
Once you earn this certification, be sure to post your badge on LinkedIn, and celebrate your accomplishments with your team and network. It often takes less than a minute to update your LinkedIn profile and share how you are delivering superior service across your organization.

It’s easy to renew a Microsoft Certification
If you have a Microsoft Certification that expires this month—or any time within the next six months—you’re eligible to take a renewal assessment on Microsoft Learn for free today. Get more details in our blog post “Prove your skills. Protect your investment.”


The final report on NOBELIUM’s unprecedented nation-state attack

By Pooja Parab

This is the final post in a four-part series on the NOBELIUM nation-state cyberattack. In December 2020, Microsoft began sharing details with the world about what became known as the most sophisticated nation-state cyberattack in history. Microsoft’s four-part video series “Decoding NOBELIUM” pulls the curtain back on the NOBELIUM incident and how world-class threat hunters from Microsoft and around the industry came together to take on the most sophisticated nation-state attack in history. In this last post, we’ll reflect on lessons learned as covered in the fourth episode of the docuseries. 

Nation-state attacks are a serious and growing threat that organizations of all sizes face. Their primary objective is to gain strategic advantage for their country, such as by stealing secrets, gathering cyber intelligence, conducting reconnaissance, or disrupting operations. These efforts are typically conducted by state-sponsored actors with significant expertise and funding, making them a particularly challenging adversary to defend against.

NOBELIUM, a Russian-linked group, is perhaps best known for the widespread SolarWinds supply chain breach. The incident was part of an even larger and more advanced campaign that had been quietly underway for more than a year. As details of this attack were uncovered, it became clear that it was the most sophisticated nation-state cyberattack in history.

In the final episode of our “Decoding NOBELIUM” series, we provide an after-action report that explores Microsoft’s findings and discusses lessons learned.

NOBELIUM deployed extensive tactics

Let’s start by reviewing the key stages of the attack.

The intrusion

It’s critical to understand how NOBELIUM gained entry into environments. Beyond the supply chain compromise, this actor also used many commonplace tactics, such as password spraying and exploiting the vulnerabilities of unpatched devices, to steal credentials and gain access to systems. Ultimately, NOBELIUM used a wide range of techniques to gain entry and adapted their toolset to each victim’s unique environment to achieve their goals.

The exploitation

Once NOBELIUM had gained entry, they followed the typical pattern for internal reconnaissance: discover the elevated accounts, find out which machines were there, and create a sophisticated map to understand how to reach their targets. They demonstrated extensive knowledge of enterprise environments and cybersecurity systems by evading defenses, masking activities in regular system processes, and hiding malware under many layers of code.

The exfiltration

Armed with an understanding of their target’s environment, NOBELIUM executed their plan—gaining access to their source code, harvesting emails, or stealing production secrets.

NOBELIUM demonstrated patience and stealth

The NOBELIUM group moved methodically to avoid getting caught. “They were so deliberate and careful about what they did. It wasn’t like a smash and grab, where they came in and just vacuumed up everything and fled,” said Security Analyst Joanne of the Microsoft Digital Security and Resilience (DSR) Security Operations Center (SOC) Hunt Team.

It took time to move undetected through networks, gathering information and gaining access to privileged networks. For example, they prevented organizations’ endpoint detection and response (EDR) solutions from launching at system startup. NOBELIUM then waited up to a month for computers to be rebooted on a patch day and took advantage of vulnerable machines that hadn’t been patched.

“The adversary showed discipline in siloing all of the technical indicators that would give up their presence,” said John Lambert, General Manager of the Microsoft Threat Intelligence Center. “Malware was named different things. It was compiled in different ways. The command and control domains they would use differed per victim. As they moved laterally within a network from machine to machine, NOBELIUM took great pains to clean up after each step.”

Preparing for future nation-state attacks

When adversaries take this much care in hiding their activities, it can take detecting many seemingly benign activities across different vectors, and pulling them together, to reveal one overall technique.

“In order to respond to an attack like NOBELIUM, with its scope and breadth and sophistication, you need to have visibility into various entities across your entire digital state,” explains Sarah Fender, Partner Group Program Manager for Microsoft Sentinel. “You need to have visibility into security data and events relating to users and endpoints, infrastructure, on-premises and in the cloud, and the ability to quickly analyze that data.”

NOBELIUM leveraged users and credentials as a critical vector for intrusion and escalation. Identity-based attacks are on the rise. “Once I can authenticate into your environment, I don’t need malware anymore, so that means monitoring behaviors,” says Roberto, Principal Consultant and Lead Investigator for Microsoft’s Detection and Response Team. “Building a profile for when Roberto’s using his machine, he accesses these 25 resources, and he does these kinds of things and he’s never been in these four countries. If I ever see something that doesn’t fit that pattern, I need to alert on it.” 

Bottom line: ensure you are protecting your identities.

Finally, if we’ve learned anything, it’s that we need to take care of our security teams, especially during a cybersecurity incident. 

“Defender fatigue is a real thing,” says Lambert. “You have to be able to invest in those defenders so that they can surge when they need to. Security, like other professions, is not just a job, it’s also a calling. But it also leads to fatigue and exhaustion if the incident drumbeat is too strong. You have to have reserves and plan for that so that you can support your defenders and rest them in between incidents.”

As we prepare for future attacks, it comes down to joining forces. 

“When I think about what this incident means going forward, it certainly reinforces the need for the world to work together on these threats,” explains Lambert. “No one company sees it all and it is very important, especially with sophisticated threats, to be able to work very quickly with lines of trust established. This is not just about companies working together, it’s also about individuals trusting each other, impacted companies, fellow security industry companies, and government institutions.”

How can you protect your organization and defenders?

Learn more in the final episode of our four-part video series “Decoding NOBELIUM,” where security professionals give insights from the after-action report on NOBELIUM. Thanks for joining us for this series and check out the other posts in the series:

Microsoft is committed to helping organizations stay protected from cyberattacks, whether cybercriminal or nation-state. Consistent with our mission to provide security for all, Microsoft will use our leading threat intelligence and a global team of dedicated cybersecurity defenders to partner across the security industry and help protect our customers and the world. Some recent examples of Microsoft’s efforts to combat nation-state attacks include:

The investigation of ongoing targeted activity by NOBELIUM against privileged accounts of service providers to gain access to downstream customers.
The September 2021 discovery and investigation of a NOBELIUM malware referred to as FoggyWeb.
The May 2021 profiling of NOBELIUM’s early-stage toolset of EnvyScout, BoomBox, NativeZone, and VaporRage.
Issuing more than 1,600 notifications to more than 40 IT companies alerting them to targeting by several Iranian threat groups (from May through October, those threats were 10 to 13 percent of the total notifications).
The seizure of websites operated by NICKEL, a China-based threat actor, and the disruption of ongoing attacks targeting organizations in 29 countries.
The investigation of Iran-linked DEV-0343, conducting password spraying focused on United States and Israeli defense technology companies, Persian Gulf ports of entry, and global maritime transportation companies with a business presence in the Middle East.

For immediate support, visit the Microsoft Security Response Center (MSRC) where you can report an issue and get guidance from the latest security reports and Microsoft Security Response Center blog posts.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

Two words: free renewals

By GitaSharma

Last updated on January 24, 2022

What does it take to earn a Microsoft Certification? Time, energy, commitment, and—of course—passing a certification exam to prove your knowledge and experience. What does it take to renew a Microsoft Certification? A free online renewal assessment that you can complete without having to pass any exams!

Get started. Three steps to renew your certification.

Go to Microsoft Learn to connect your learn profile with your certification profile. 
Prepare with the free content on Microsoft Learn. 
Take the free online assessment before your certification expires.  

Microsoft Certifications available for renewal
See below for the complete list of certifications that are currently available for renewal.

Azure

Business Applications

Microsoft 365

Security, Compliance, and Identity


Cloud wake-up call: Amazon Web Services outage illustrates the pitfalls of online infrastructure

By Todd Bishop


Amazon Web Services is one of the greatest successes of modern business and technology, leveraging its first-mover advantage in the public cloud to empower companies with capabilities that they couldn’t build on their own, and creating a lucrative business for itself in the process.

It sure didn’t feel so dreamy on Tuesday.

Outages are nothing new, and this wasn’t the worst we’ve seen, but the problem experienced by the widely used AWS US-EAST-1 Region was remarkable for its widespread impact, illustrating the extraordinary reach of the cloud.

This wasn’t just about websites going down. Day traders couldn’t trade. Gamers couldn’t game. Adele couldn’t sell tickets to her upcoming tour, for goodness’ sake.

The fallout was apparent everywhere you looked, from McDonald’s kiosks to Tinder hookups to NPR podcasts. Seattle startup Intelus had the bad luck of launching its company on Tuesday morning, with a website hosted on AWS.

Amazon itself was far from immune from the challenges. The company’s employees were unable to use its Chime communication app on their computers for several hours. Amazon Music was unavailable to many users. COVID-19 test results weren’t accessible for hours through the company’s mail-in testing service.

Customers of the company’s Ring subsidiary were cut off from their cameras.

It got worse. In the company’s core e-commerce business, product pages didn’t load, and orders didn’t go through. Customers couldn’t order groceries. Delivery drivers sang karaoke and ultimately went home for the day after the outage severed their ties to the app that coordinates their deliveries.

This couldn’t have come at a worse time for Amazon, during a holiday season that was already challenged by supply chain bottlenecks.

All of this leads to an obvious question: Has the world become too dependent on Amazon’s cloud?

“I think so,” said Corey Quinn, the chief cloud economist at The Duckbill Group, when I asked that question in a Twitter direct message on Tuesday evening. He pointed out that it could have been a lot worse: “A full outage of that region (not the partial one we saw today) means a massive economic event.”

Quinn elaborated on his thoughts in a Twitter thread that’s worth reading in full.

To be explicit, I don’t think AWS has done anything wrong here. This is the natural end result of their success at massive scale.— Corey Quinn (@QuinnyPig) December 8, 2021

What can be done? What happened to redundancy?

In a post about the AWS outage, Forrester senior analyst Brent Ellis laid out a strategy for companies to minimize their vulnerability. Part of his advice: “Diversify your risk by building applications and services that can be shifted between multiple cloud providers or private infrastructure automatically as a service fails.”

In terms of a broader solution to the world’s reliance on AWS, there may be no clear answers at this point, but as Quinn notes, these are important questions to ask.

Ultimately, the solution could come from Amazon itself, and with the former AWS chief Andy Jassy at the head of the company now, Amazon should be better positioned than ever to address this challenge.

AWS problems impact Amazon, Disney, Smartsheet, Canva and other online services

By Todd Bishop


If you’re having problems buying items or logging in to Amazon.com, you’re not alone, and thanks to the widespread use of Amazon Web Services, the problem isn’t limited to Amazon.

Disney, League of Legends, Smartsheet, Canva and other online services are down or reporting problems for some customers.

The official AWS Service Health Dashboard reports increased error rates for services such as Elastic Cloud Compute (EC2), Amazon Connect, and the DynamoDB database service, all out of its Northern Virginia region.

Amazon Web Services having problemos today. Story on terminal. Any signs of this cascading elsewhere? So far, folks complaining about shopping, trouble with Amazon music, merchants having trouble managing Amazon advertising. Any spread beyond Amazon?— I don’t have 10,000 followers (@spencersoper) December 7, 2021

Smartsheet, the Bellevue-based work management company, reports as of 9:19 a.m. Pacific time, “Our AWS partner has communicated that they have identified the root cause and are actively working on a recovery.”

It’s not just tech companies that are impacted. The Baltimore Sun, for one, says it’s unable to make updates to its site.

On Amazon, the problem has manifested in a variety of ways, making it difficult for some users to purchase items, call up their order history, and even log into Amazon’s special website for COVID-19 test results.

Update, 11:45 a.m.: Bloomberg News reports that Amazon’s delivery operations are also being impacted, creating an outage in an app used to communicate with drivers, as well as the Amazon Flex app used by gig workers who deliver packages. The ripple effect could be significant given the timing during the peak holiday season.

Update, 12:55 p.m.: Here’s the latest, as of 11:26 a.m. and 12:34 p.m. Pacific:

We are seeing impact to multiple AWS APIs in the US-EAST-1 Region. This issue is also affecting some of our monitoring and incident response tooling, which is delaying our ability to provide updates. Services impacted include: EC2, Connect, DynamoDB, Glue, Athena, Timestream, and Chime and other AWS Services in US-EAST-1. 

We continue to experience increased API error rates for multiple AWS Services in the US-EAST-1 Region. The root cause of this issue is an impairment of several network devices. We continue to work toward mitigation, and are actively working on a number of different mitigation and resolution actions. While we have observed some early signs of recovery, we do not have an ETA for full recovery.

Amazon services including Alexa, Ring and Amazon Fresh grocery ordering are also impacted.

Update, 2:30 p.m.: Amazon says it’s making progress. Here’s the latest.

We have executed a mitigation which is showing significant recovery in the US-EAST-1 Region. We are continuing to closely monitor the health of the network devices and we expect to continue to make progress towards full recovery. We still do not have an ETA for full recovery at this time.

Meanwhile, back at the delivery station, Amazon drivers are channeling Bob Marley.

“I don’t wanna wait in vain” — the official lyric of Amazon’s 2021 holiday season.

Update, 3:03 p.m.: Amazon now says, “Many services have already recovered, however we are working towards full recovery across services. Services like SSO, Connect, API Gateway, ECS/Fargate, and EventBridge are still experiencing impact. Engineers are actively working on resolving impact to these services.”