
Bad State Actors And Criminals Are Focusing On Updates After SolarWinds Hack

Cybercriminals recently attacked the IT provider SolarWinds in order to send malicious software updates to around 18,000 customers and gain backdoor access to their networks. However, the hackers were selective in which customers they targeted.

Among the customers targeted in the hack were Microsoft; the Department of Energy; the National Nuclear Security Administration, which maintains the nation's nuclear weapons stockpile; and several other U.S. governmental agencies.

Microsoft stated that it has identified other victims of the breach and has notified more than 40 customers who were targeted and "compromised through additional and sophisticated measures."

Eighty percent of these notified victims were in the U.S.; 44 percent were in the information technology sector; and 18 percent were in government.

The president of Microsoft said the hack was an "attack on the United States and its government and other critical institutions." According to The Washington Post, the U.S. suspects a Russian state-sponsored hacking group called Cozy Bear is behind the breach.

Although Reuters reported that the hackers exploited Microsoft's tool to attack other victims, Microsoft stated that its ongoing investigations "have found absolutely no indications that our systems were used to attack others." It said that it "isolated and removed" malicious SolarWinds binaries before the malware infection caused any major damage. The statement also claimed that there was no evidence the hackers accessed production services or customer data.

The full scope of the breach is not yet known. New evidence suggests the hackers used a variety of tactics to access their targets' networks, meaning they may have done more than just spy on the U.S. government. Michael Kan, "Microsoft Hit by SolarWinds Breach, Says It 'Isolated and Removed' the Malware," pcmag.com (Dec. 18, 2020).


Commentary

The SolarWinds hack highlights that criminals and state actors will continue to focus on corrupting updates.

What makes this tactic successful is that we are continually reminded to update as soon as possible, often in order to patch vulnerabilities. We invite updates into our systems, and a malicious update is rarely discovered quickly, if at all.

Fraudulent updates delivered via phishing can be quite convincing. It is important to train all members of the organization to use extreme caution when downloading any update. A good procedure is that, before any update is performed, your IT department first gives the green light.

Train employees to be suspicious of any notification to update software that arrives in a popup or email. A notification to update software the employee does not use is another red flag and should be avoided.
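One way to turn the "IT gives the green light first" procedure into an enforceable check, as an added example that is not part of the original article: IT publishes a manifest of vetted updates (product, version, SHA-256 of the installer), and an installer is accepted only when it matches that manifest exactly. The product name "example-agent", the version strings and the installer bytes are all constructed for illustration, and the manifest is built in-process from known-good bytes here; in practice IT would distribute it out of band.

```python
"""Added example (not from the original article): gate software updates behind
an IT-approved manifest so an installer is accepted only when IT has vetted
that exact product, version and file contents.

Assumptions (all constructed for illustration): the product "example-agent",
the version strings, and the installer bytes below.
"""
import hashlib
import hmac

# Constructed sample installer contents; not a real vendor artifact.
GOOD_INSTALLER = b"example-agent installer v2.1.0 (constructed sample bytes)"
# The same installer with bytes altered after IT vetted it.
TAMPERED_INSTALLER = GOOD_INSTALLER + b" -- altered after approval"


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the installer bytes: the identity IT pins in the manifest."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(approved):
    """IT side: record (product, version) -> hash for each vetted installer."""
    return {(product, version): sha256_hex(data) for product, version, data in approved}


# The IT-published allowlist. Only these exact files may be installed.
APPROVED_UPDATES = build_manifest([("example-agent", "2.1.0", GOOD_INSTALLER)])

# Software actually deployed on this host (constructed). An update prompt for
# anything else is the "software the employee does not use" red flag.
INSTALLED_PRODUCTS = {"example-agent"}


def verify_update(product, version, installer,
                  manifest=APPROVED_UPDATES, installed=INSTALLED_PRODUCTS):
    """Decide whether an offered update may proceed.

    Returns "APPROVED" or a "REJECT: ..." reason. Every rejection is a cue to
    stop and ask IT, not to retry the install.
    """
    if product not in installed:
        # Update offered for software this host does not run.
        return "REJECT: product not installed on this host"
    if (product, version) not in manifest:
        # IT has not vetted this version (or this product at all).
        return "REJECT: version not approved by IT"
    expected = manifest[(product, version)]
    actual = sha256_hex(installer)
    # Constant-time comparison so the check itself leaks nothing via timing.
    if not hmac.compare_digest(expected, actual):
        # File differs from what IT vetted: swapped or tampered installer.
        return "REJECT: installer hash does not match approved manifest"
    return "APPROVED"


if __name__ == "__main__":
    cases = [
        ("vetted installer", ("example-agent", "2.1.0", GOOD_INSTALLER)),
        ("tampered installer", ("example-agent", "2.1.0", TAMPERED_INSTALLER)),
        ("unapproved version", ("example-agent", "2.2.0", GOOD_INSTALLER)),
        ("software not installed here", ("other-tool", "1.0", GOOD_INSTALLER)),
    ]
    for label, args in cases:
        print(f"{label}: {verify_update(*args)}")
```

The value of the manifest depends entirely on who fills it: a hash or signature taken from the vendor's own download page only proves the file is what the vendor shipped, and an update compromised at the vendor, as the article describes, ships with the vendor's blessing. The manifest has to record what IT itself vetted and approved, and it has to reach endpoints over a channel the update mechanism cannot influence.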
