Seriously? *Another* One.

Right, so listen up, because I’m only saying this once. Apparently, some ransomware clowns – specifically a group called Stormouls (creative name, real original) – were being absolute idiots and using legitimately issued Microsoft Azure certificates to sign their malware. Like, they weren’t even trying to hide it! They snagged these certs through compromised accounts, then used them to make their junk look all official and bypass some security crap.

Microsoft, bless their perpetually-playing-catchup hearts, actually managed to take down the infrastructure. They yanked 450+ Azure accounts, 139 domains, and a whole heap of other stuff. Big whoop. It’s like putting a bandaid on a gaping wound. The article says they’re blaming it on weak password hygiene and lack of MFA – you mean the same basic security failures we’ve been screaming about for *decades*? Shocking.

The worst part? They think this is just one piece of a bigger operation, meaning there are probably more of these morons out there doing the exact same thing. And guess who’s going to be cleaning up their mess? Not them, that’s for damn sure. It will be some poor sysadmin somewhere at 3 AM.

Honestly, it just proves everyone is an idiot and Microsoft’s security is a joke. Don’t even get me started on the cloud…

Source: Microsoft Disrupts Ransomware Campaign Abusing Azure Certificates

Speaking of compromised accounts, I once had to deal with a user who thought their password was “password123”. I swear. “Password123”! And they were the CFO. The level of stupidity is astounding. It’s why I drink.