Political Hack at Columbia University, Malware Surge, and Microsoft Authenticator's New Direction

Columbia University has recently suffered a significant data breach, compromising the personal information of 1.8 million individuals, including social security numbers and financial aid details. The hacker, motivated by political opposition to affirmative action policies, claims to have stolen 460 gigabytes of sensitive data. This incident is part of a troubling trend of politically motivated cyber attacks targeting higher education institutions, particularly following the Supreme Court's decision to bar affirmative action practices in 2023. The limited media coverage of this breach raises concerns about data security and the integrity of academic institutions.

In a related development, malware detection has surged by 171% in the first quarter of 2025, according to a report from WatchGuard Technologies. This increase highlights the growing sophistication of cyber threats that are outpacing traditional defenses. The report indicates a staggering 712% rise in new malware threats on endpoints, with the LSASS dumper identified as a leading threat. This trend underscores the need for organizations, especially universities and small businesses, to recognize the escalating risks and adapt their security strategies accordingly.

Huntress has announced a collaboration with Microsoft to enhance cybersecurity for businesses, integrating its enterprise-grade solutions with Microsoft environments. This partnership aims to provide essential protections for endpoints and identities, allowing organizations to respond more effectively to cyber threats. Meanwhile, Microsoft is discontinuing the use of its Authenticator app for password storage, prompting users to transition to alternative solutions. This shift emphasizes the need for users to rethink their credential management strategies in light of evolving security practices.

The podcast also touches on the implications of recent incidents involving major IT service providers, such as Ingram Micro's ransomware attack, which has raised concerns about vendor trust and supply chain fragility. As vendors face scrutiny following security breaches, the erosion of trust in their products becomes a significant issue for managed service providers (MSPs). Additionally, the discussion includes emerging concepts in artificial intelligence, such as context engineering, and the growing prevalence of AI note-takers in meetings, which raises questions about the balance between technological efficiency and human interaction in the workplace.

 

Four things to know today

00:00 Columbia Breach and Malware Surge Show Why Compliance Alone Fails in Today’s Threat Landscape

04:19 Huntress and Microsoft Join Forces to Bring Enterprise-Grade Security to SMBs and MSPs

07:18 Palo Alto Networks Denies Involvement in Ingram Micro Ransomware Attack

08:53 MCP’s Universal Plugin Model Could Transform MSP Integration and Governance

 


[00:00:02] It's Friday, July 11th, 2025, and I'm Dave Sobel. Four things to know today. Columbia University hit by a politically charged hack leaking 1.8 million social security numbers, showing how stolen data fuels culture wars. Malware detection skyrocketed 171% as attackers innovate faster than defenses. Huntress and Microsoft deepened ties to bring enterprise-grade security into MSP hands.

[00:00:27] And Microsoft's Authenticator drops password storage, forcing users to rethink credential management. This is the Business of Tech. Columbia University recently experienced a significant data breach that compromised the personal information of applicants from 2019 to 2024. From The Verge, the hacker claimed to have stolen 460 gigabytes of sensitive data, including 1.8 million social security numbers and financial aid information,

[00:00:55] with motivations linked to political opposition against affirmative action policies. This breach followed incidents at other universities, including New York University and the University of Minnesota, indicating a troubling trend of politically motivated cyber attacks targeting higher education institutions. The hacker's actions are reportedly aimed at exposing and undermining diversity initiatives, following the Supreme Court decision that barred affirmative action practices in 2023.

[00:01:23] Coverage of the incident has been limited, raising concerns about the implication for data security and the integrity of academic institutions. A recent report from WatchGuard Technologies reveals a staggering 171% increase in total unique malware detections in the first quarter of 2025, marking the highest-recorded figure by the company's threat lab. The surge indicates a growing trend in evasive threats that bypass traditional detection methods,

[00:01:51] with proactive machine learning detection increasing by 323%. The report highlights that new malware threats on endpoints rose by 712%, with the LSASS dumper identified as the leading threat, exploiting system components for credential theft. Why do we care? Politically motivated threat actors targeting universities demonstrates how sensitive personal data can be weaponized for narrative warfare.

[00:02:19] The Columbia breach isn't just about data theft, it's a deliberate effort to weaponize stolen information to influence public debate and undermine institutional practices post the Supreme Court decision. Meanwhile, WatchGuard's telemetry highlights how malware innovation is outpacing traditional defenses. This all isn't front-page news. Means that universities and small businesses may not even recognize the risk escalation, leaving providers and MSPs to educate clients.

[00:02:47] Waiting for boards or executives to ask, are we exposed, is a losing strategy. This is a strategic moment to shift client conversations. From compliance to resilience, meeting the standard is insufficient when adversaries are playing a different game. From endpoints to identity, credential protection and zero trust are paramount. And from tools to outcome, providers must position themselves as outcome providers, ensuring clients survive when a breach occurs, not if.

[00:03:17] Ignore the signals and you risk being tomorrow's Columbia headline for a client who assumed you had it handled. Are you ready to get your brand in front of the tech leaders shaping the future of managed services? Here at The Business of Tech, we offer flexible sponsorship opportunities to meet your needs, whether it's live show sponsorship, podcast advertising, event promotion, or custom webinars. From affordable exposure options to exclusive sponsorships,

[00:03:47] our offerings are designed to fit businesses and vendors of all sizes looking to make an impact. Prices start at just $500 per month, making our packages a fraction of typical event sponsorship costs. Be a part of the conversation that matters to IT service providers worldwide. Join us at MSP Radio and amplify your message where it counts.

[00:04:12] Visit MSP Radio dot com slash engage today to explore all the ways we can help you grow. Huntress has announced a collaboration with Microsoft to enhance cybersecurity for businesses of all sizes, addressing the growing sophistication of cyber attacks. Huntress, known for its enterprise-grade cybersecurity solutions, will integrate its services with Microsoft environments, providing essential protections for endpoints and identities. The integration includes features such as endpoint detection and response,

[00:04:42] identity threat detection, and a 24 by 7 security operations center, which will allow organizations to respond to cyber threats more efficiently. And speaking of Microsoft, they are discontinuing the use of their Authenticator app for storing and autofilling passwords effective July 2025. Users will need to transition to Microsoft Edge or alternative password management solutions for these functions. The company will also delete saved payment information in Authenticator this July,

[00:05:10] followed by the removal of password storage in August. Microsoft Authenticator initially launched in 2016 as a multi-factor authentication tool, and introduced password storage capabilities in 2020. As part of the transition, Microsoft will automatically sync saved passwords to users' accounts for access via Edge, and users are encouraged to export their passwords to other services by August if they prefer not to use Edge.

[00:05:36] Microsoft has confirmed a significant issue affecting Windows Server Update Services, or WSUS, that prevents organizations from syncing with Microsoft Update and deploying the latest Windows updates. Many Windows administrators have reported synchronization failures, with error messages indicating connection issues or timeouts. The problem stems from a problematic update revision identified in the storage layer, which is impacting the synchronization process.

[00:06:01] Microsoft has stated that updates cannot be deployed using WSUS or Configuration Manager until a fix is implemented. Currently, there are no workarounds available, and the company is actively working on resolving the issue. Why do we care? Huntress aligning with Microsoft is a logical move for both parties. Huntress brings hands-on keyboard threat hunting and MDR-level expertise to Microsoft's massive install base. For providers, this creates an opportunity to build layered security offerings in Microsoft environments.

[00:06:31] The integration means Huntress tools can plug more natively into Azure AD and Intune managed devices. It means a differentiator for smaller MSPs competing with larger players. Leveraging Huntress' SOC and EDR means providing enterprise-grade protection without standing up your own 24x7 SOC. But it's also a warning. As Microsoft deepens partnerships like this, it tightens its ecosystem.

[00:06:55] Vendors outside Microsoft's orbit may find themselves marginalized unless they offer niche or cross-platform capabilities. The other two stories are more tactical, although MSPs should use these developments as a springboard to audit their Microsoft dependencies, update client roadmaps for identity and patching, and lean into vendor relationships that deliver multilayered security. One more detail about the Ingram Micro ransomware incident.

[00:07:22] Palo Alto Networks very much wants you to know it's not their fault. Palo Alto Networks has confirmed that the recent attack on Ingram Micro did not involve their GlobalProtect Virtual Private Network. This clarification is significant as it addresses concerns regarding the security of widely used networking solutions in the wake of the incident. The attack, which occurred on July 11th, has raised alarms about the vulnerabilities faced by major IT service providers. Ingram Micro does have a blog that contains their updates on the issue. Why do we care?

[00:07:53] Well, that blog isn't really helpful. This is the perfect example of how big vendor silence leaves IT service providers and their customers in the dark while everyone else scrambles to manage fallout. The fact Palo Alto Networks felt compelled to clarify GlobalProtect wasn't involved says a lot about how quickly suspicion falls on vendors. After years of VPN-related breaches, Movalet, Fortinet, Citrix, any major incident sets off a wave of finger-pointing.

[00:08:21] And it also says a lot about the erosion of implicit trust in vendor products. MSPs relying on GlobalProtect or similar solutions now face customer questions like, are we safe? Even if their tool wasn't at fault. This is a textbook example of supply chain fragility in IT services. Ingram's vague communication strategy amplifies uncertainty for MSPs already managing their own customer anxieties.

[00:08:46] Palo Alto's defensive messaging shows how quickly vendor reputations can be collateral damage, regardless of involvement. And time for some big ideas. The term context engineering is gaining recognition as a better alternative to prompt engineering in artificial intelligence. Supporters claim it more accurately describes the skill of providing necessary context for large language models to work well.

[00:09:10] Well-known industry figures, such as Shopify CEO Tobi Lütke and AI researcher Andrej Karpathy, highlight that context engineering involves a detailed understanding of task descriptions, few-shot examples, and relevant data. The method is viewed as crucial for improving AI application performance because it combines technical skills and an intuitive grasp of how these models function. The change in terminology reflects a wider trend in AI development that focuses on clear communication and the complexity of completing tasks.

[00:09:40] Another recent article explores the unexpected versatility of the Model Context Protocol, or MCP, highlighting its potential as a universal plug-in system. While initially designed to enhance artificial intelligence capabilities, the protocol can connect various tools and data sources, enabling applications to leverage functionalities without direct integration. The author draws parallels to the evolution of car cigarette lighters, which have transitioned from a niche use to a universal power source.

[00:10:09] As more developers create MCP servers for their AI systems, the resulting ecosystem allows applications to access a wider range of functionalities, akin to a communal potluck of software capabilities. The article emphasizes that this spontaneous development indicates a shift towards a more interconnected technological landscape, where protocols like MCP facilitate seamless interactions between diverse systems. How about the flood of AI note-takers at meetings?

[00:10:38] The Washington Post has you covered. AI note-takers are increasingly dominating Zoom calls, as many employees choose to skip meetings in favor of automated solutions. In a recent meeting attended by Clifton Sellers, he observed that six human participants were outnumbered by 10 AI note-taking apps, adding a growing trend where technology is replacing traditional human interaction. The shift raises concerns about the impact of artificial intelligence on workplace dynamics.

[00:11:04] While AI note-takers can efficiently record and summarize discussions, their prevalence may hinder meaningful communication among team members. As companies continue to adopt the tools, it's essential to consider the balance between technological efficiency and human connection in virtual work environments. Why do we care? Well, some questions for you to consider. Are your teams equipped to think in terms of context, not just commands, when working with AI tools?

[00:11:32] If MCP and similar protocols turn AI systems into universal connectors, how does that change your integration strategy for client systems? Are you prepared to manage the security and governance implications when third-party tools freely interact via protocols like MCP? Could MSPs leverage this interoperability trend to create their own micro-ecosystems of tools for clients, reducing vendor sprawl and improving stickiness?

[00:11:59] What happens to organizational culture when AI tools replace actual human presence in client meetings? And are you advising clients on AI governance policies that address where automated tools like note-takers fit into workflows, and where they shouldn't? Thanks for listening. Today is National French Fry Day, National 7-Eleven Day, National Blueberry Day, and National State Fair Food Day. So you make sure to deep fry something.

[00:12:28] Join me next Wednesday, July 16th, for a webinar sponsored by ThreatDown, AI's Dark Side, what every MSP needs to know. Visit bit.ly slash ThreatDown with links in the show notes. The Business of Tech is written and produced by me, Dave Sobel, under ethics guidelines posted at businessof.tech. If you've enjoyed the show, make sure you've subscribed or followed on your favorite platform. It's free and helps directly. Give us a review, too.

[00:12:58] If you want to support the show, visit patreon.com slash MSP Radio, and you'll get access to content early. Or buy our Why Do We Care merch at businessof.tech. Have a question you want answered? We take listener questions, send them in, ideally as a voice memo or video to question, at MSP Radio.com. I answer listener questions live on our Wednesday live show on YouTube and LinkedIn.

[00:13:25] If you've got a comment or a thought on a story, put it in the comments if you're on YouTube, or reach out on LinkedIn if you're listening to the podcast. And if you want to advertise on the show, visit MSP Radio.com slash engage. Once again, thanks for listening, and I will talk to you again on our next episode. Part of the MSP Radio Network.