


Similar articles
Article Id | Source and date | Title | Prob | Score
218735 | TECHREPUBLIC 2021-10-27 | Microsoft warns of new supply chain attacks by Russian-backed Nobelium group | - | 1.000
218930 | ZDNET 2021-10-25 | SolarWinds hackers, Nobelium, once again strike global IT supply chains, Microsoft warns | 0.288 | 0.670
218868 | ZDNET 2021-10-27 | Microsoft warns over uptick in password spraying attacks | 0.851 | 0.523
218738 | TECHREPUBLIC 2021-10-26 | 9 key security threats that organizations will face in 2022 | 0.063 | 0.474
219404 | TECHREPUBLIC 2021-10-29 | Cybercrime: Europol arrests 12 people for ransomware activities possibly affecting 1,800 victims in 71 countries | - | 0.443
219418 | VENTUREBEAT 2021-10-30 | Report: 55% of execs say that SolarWinds hack hasn’t affected software purchases | - | 0.416
218906 | TECHREPUBLIC 2021-10-25 | REvil ransomware group reportedly taken offline by multi-nation effort | - | 0.412
218722 | ZDNET 2021-10-25 | Ransomware: Industrial services top the hit list - but cyber criminals are diversifying | - | 0.392
219200 | ZDNET 2021-10-28 | HTTPS threats grow more than 314% through 2021: Report | 0.010 | 0.390
218929 | ZDNET 2021-10-25 | Tesco's website restored after suspected cyberattack | - | 0.390
218862 | TECHREPUBLIC 2021-10-26 | Phishing attack exploits Craigslist and Microsoft OneDrive | - | 0.382
219132 | VENTUREBEAT 2021-10-28 | Report: 83% of companies say 24-hour shutdown causes incapacitating damage | - | 0.375
218975 | ZDNET 2021-10-25 | BillQuick says patch coming after Huntress report identifies vulnerabilities used in ransomware attack | - | 0.375
219072 | VENTUREBEAT 2021-10-28 | Dragos raises $200M to protect industrial customers from cyberattacks | - | 0.372
219134 | ZDNET 2021-10-29 | Ransomware: Police sting targets suspects behind 1,800 attacks that 'wreaked havoc across the world' | - | 0.367
219157 | TECHREPUBLIC 2021-10-28 | How to prepare your team to address a significant security issue | - | 0.359
219101 | VENTUREBEAT 2021-10-28 | SlashNext, which uses AI to combat phishing, raises $26M | - | 0.358
219119 | ZDNET 2021-10-29 | Schreiber Foods back to normal after ransomware attack shuts down milk plants | - | 0.352
218917 | ZDNET 2021-10-26 | Third-party data breach in Singapore hits healthcare provider | - | 0.343
219011 | ZDNET 2021-10-27 | Meet Balikbayan Foxes: a threat group impersonating the Philippine gov't | - | 0.339
218821 | VENTUREBEAT 2021-10-26 | Deloitte: 14% of U.S. orgs remain defenseless as cybersecurity threats loom | - | 0.332
219076 | VENTUREBEAT 2021-10-28 | Dragos Raises $200 Million in Series D Funding to Safeguard the World’s Critical Infrastructure as Valuation Soars to $1.7B | - | 0.331
218788 | VENTUREBEAT 2021-10-25 | Report: Third-party attackers have breached 44% of health care orgs | - | 0.328
219176 | ZDNET 2021-10-28 | NRA responds to reports of Grief ransomware attack | - | 0.326
218856 | ZDNET 2021-10-27 | These phishing emails use QR codes to bypass defences and steal Microsoft 365 usernames and passwords | - | 0.326


ID: 218735

URL: https://www.techrepublic.com/article/microsoft-warns-of-new-supply-chain-attacks-by-russian-backed-nobelium-group/

Date: 2021-10-27

Microsoft warns of new supply chain attacks by Russian-backed Nobelium group

The Russian-backed hacking group responsible for the SolarWinds attack has been targeting more companies with the goal of disrupting the worldwide IT supply chain. In a blog post published Monday, Microsoft cautioned of new attacks by Nobelium, revealing that it notified 140 resellers and technology service providers targeted by the group. As part of an ongoing investigation, Microsoft said it believes as many as 14 of these organizations have been compromised since May.

Known for an attack last year that exploited a security flaw in network monitoring software from SolarWinds, Nobelium has lately been targeting a different segment, specifically resellers and other service providers that manage cloud services and other technologies for customers. The group's likely goal is to obtain direct access that resellers have to the IT systems of their customers. If successful, Nobelium would then have a way to impersonate a technology provider and attack its downstream customers.

"These attacks have been a part of a larger wave of Nobelium activities this summer," Microsoft said. "In fact, between July 1 and October 19 this year, we informed 609 customers that they had been attacked 22,868 times by Nobelium, with a success rate in the low single digits. By comparison, prior to July 1, 2021, we had notified customers about attacks from all nation-state actors 20,500 times over the past three years."

Identified as part of Russia's SVR foreign intelligence service, Nobelium is just one of the players in the Kremlin's efforts to gain access to organizations in the technology supply chain to conduct surveillance. The so-called cyber cold war has been heating up in recent years as nation states and groups operating on their behalf have launched attacks designed to not only spy on but destabilize rival governments. The U.S. hasn't been shy about pointing the finger at Russia and China as two of the main perpetrators behind several key incidents.

The 2020 SolarWinds hack took advantage of a security vulnerability in the firm's Orion networking monitor platform. By exploiting this flaw, the attackers were able to monitor internal emails at the U.S. Treasury and Commerce departments and compromise other government agencies and private sector companies around the world, all of whom used the Orion product. Initially, the culprit was publicly identified as a Russian-backed group; eventually the U.S. and other entities placed the blame specifically on Nobelium.

To carry out the latest incidents outlined by Microsoft on Monday, Nobelium employed such techniques as phishing campaigns and password spraying, a brute-force tactic through which hackers use automated tools to try to obtain the passwords of a large number of accounts in one shot. This trick relies on the inclination of people to use weak passwords or reuse their passwords across multiple sites.

"Nobelium is a truly persistent adversary," said Jake Williams, co-founder and CTO at BreachQuest. "Often organizations fail to fully remediate incidents, leaving the threat actor access to the network after the remediation is considered complete. Nobelium is one of the best in the threat actor ecosystem at remaining undetected after a remediation attempt. This is not a DIY project for most organizations and will likely require professional assistance to be successful due to the variety of tools and tradecraft used."

In another blog post published Monday, Microsoft issued warnings to cloud service providers, organizations that rely on elevated privileges and downstream customers, all of whom could be vulnerable to attacks from Nobelium. The company said that it discovered the group targeting privileged accounts of service providers to move laterally in cloud environments and gain access to downstream customers. Noting that Nobelium didn't exploit a security vulnerability this time as it did in the SolarWinds hack, Microsoft said the group's more recent tactics have included supply chain attacks, token theft, API abuse, and spear phishing.

"When cybercriminals find an attack method that works, they stick with it," said Panorays CTO and co-founder Demi Ben-Ari. "So it's not surprising that the Nobelium threat group, which was responsible for the massive SolarWinds supply chain attack last year, is continuing to target downstream customers through their service providers in order to inflict maximum damage."

In its blog post, Microsoft issued several specific recommendations for cloud providers and their customers, such as enabling multi-factor authentication, checking activity logs and removing delegated administrative privileges when no longer needed.

Microsoft's recommendations are thorough but also time-consuming to implement. That type of effort poses challenges for many organizations.

"Implementation of some of the recommended mitigation measures, such as reviewing, hardening and monitoring all tenant administrator accounts, reviewing service provider permissions and reviewing auditing logs, should be table stakes for security in any larger organization," Williams said. "However, the reality is that most organizations are resource strapped. This makes complying with these recommendations difficult for more organizations."

But even organizations lacking in time, resources or staff can better secure and protect themselves with some core cyber hygiene practices.

"The good news is that organizations can help prevent these kinds of attacks by implementing security best practices including enabling MFA and minimizing access privileges," Ben-Ari said. "To accomplish this rapidly and effectively, however, it's crucial to have a robust and automated third-party security management program in place to assess supply chain partners, close cyber gaps and continuously monitor for any issues."