Last year, Russian cybercriminals targeted American IT company SolarWinds, deploying malicious code to target the government agencies and corporations with whom SolarWinds worked. Last week, early reports indicated that the same group—Nobelium—unleashed a similar attack on Microsoft, trying to disrupt the global IT supply chain.
As Tom Burt, Microsoft’s Corporate Vice President of Customer Security and Trust, wrote in a blog, “We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers.” This approach is often defined as “compromise one to compromise many.”
Instead of last year’s more sophisticated intrusion, though, which targeted networks and software updates, last week’s attack deployed much simpler tactics. Hundreds of phishing emails were intercepted by Microsoft, which also tracked the use of a basic technique called “password spray.” In a password spray, attackers test commonly used passwords such as “password1234” against multiple accounts in a short period of time until they stumble upon a password and account match.
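The pattern described above can be spotted in sign-in logs. The following is an added, defender-side example, not code from Microsoft or from the original article: it flags any source whose failed sign-ins spread across many accounts within a short window, then lists accounts that source did get into. The event format, thresholds, account names, and sample data are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source IP, account, success).
# IPs are documentation ranges (RFC 5737), not real indicators.
T0 = datetime(2021, 1, 1, 9, 0, 0)
USERS = ["alice", "bob", "carol", "dave", "erin", "frank"]
SAMPLE_EVENTS = (
    # One source tries a single guess against six accounts, 20 seconds apart.
    [(T0 + timedelta(seconds=20 * i), "203.0.113.7", u, u == "erin")
     for i, u in enumerate(USERS)]
    # A user mistypes their own password three times, then signs in.
    + [(T0 + timedelta(seconds=5 * i), "198.51.100.20", "bob", i == 3)
       for i in range(4)]
)

def detect_spray(events, window=timedelta(minutes=10),
                 min_accounts=5, max_per_account=2):
    """Return {source: sorted accounts} for sources whose failures hit at
    least min_accounts distinct accounts inside one window, with few tries
    per account (many tries on one account is brute force, not a spray)."""
    failures = defaultdict(list)
    for ts, src, account, ok in events:
        if not ok:
            failures[src].append((ts, account))
    findings = {}
    for src, rows in failures.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window so it never spans more than `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            counts = Counter(acct for _, acct in rows[start:end + 1])
            if (len(counts) >= min_accounts
                    and max(counts.values()) <= max_per_account):
                findings.setdefault(src, set()).update(counts)
    return {src: sorted(accts) for src, accts in findings.items()}

def accounts_to_reset(events, findings):
    """Accounts a flagged source signed in to successfully."""
    return sorted({acct for _, src, acct, ok in events
                   if ok and src in findings})

if __name__ == "__main__":
    hits = detect_spray(SAMPLE_EVENTS)
    print(hits, accounts_to_reset(SAMPLE_EVENTS, hits))
```
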
Federal cybersecurity officials declined to comment on who they thought was responsible, pointing instead to the rudimentary tactics deployed in last week’s attack. As of press time, Microsoft revealed that 140 cloud service providers had been targeted with only 14 providers compromised so far.
As with the 2020 SolarWinds hack, no widespread public disruptions have been identified yet. Microsoft even revealed that it has been monitoring the attempted attacks for months, working behind the scenes with partners, suppliers, and government agencies to mitigate the impacts while keeping an eye on the well-known hackers responsible.
Burt, the Microsoft executive, said, “This recent activity is another indicator that Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling—now or in the future—targets of interest.”
Even if the initial attack had been more successful, the fact that Microsoft was on top of the illicit event means its impact would have been minimal. If anything, the hack only reinforces the lesson that any company can be attacked—and that a proactive approach to cybersecurity is critical to staying safe.
Overall cybersecurity protocols could be enhanced, too, if technology service providers take heed of the technical guidance provided by Microsoft to mitigate the long-term problem. That guidance includes watching for social engineering and spearphishing attempts, monitoring remote access permissions, analyzing network traffic, and responding immediately to any suspicious activity—all areas where CMIT Solutions excels.
Without a critical problem to address, inaction is tempting. However, the attitude of “If it isn’t broke, why fix it?” is dangerous. Consider this the perfect opportunity to assess your company’s cybersecurity situation, working with a trusted IT provider to identify vulnerabilities and address them before a hack happens. The following basics can help:
1) Understand the importance of security patches and software updates. Although last week’s hack didn’t target the patching and update process, past attacks have done just that. A reliable technology services provider can help you with automated, regular patch and update rollouts that keep your business safe and maintain productivity for your employees.
2) Deploy multi-layered network security tools that build strong protections around your business. These tools include basics like anti-spam and anti-malware solutions, along with more robust tools such as cloud-based security, audit logs, and delegated administrative privileges.
3) Turn on multi-factor authentication (MFA) for all users. If the applications and devices used by your business don’t have MFA in place, work with a trusted IT provider to activate it immediately. This can minimize the threat of compromised passwords, giving your users an extra layer of day-to-day security.
4) Implement regular, remote, and redundant data backups that protect business information against the threat of ransomware. Data is the day-to-day lifeblood of nearly every company—and it deserves to be backed up in a regular, remote, and redundant fashion. When multiple copies of data backups are stored in different locations, any cyberattack can be mitigated by wiping affected devices clean and recovering the most recent backup.
5) Provide employees with education and training to prevent common phishing and password hacks. Ongoing cybersecurity training sessions can be held in-person and virtually, presenting common scenarios like simulated phishing and attempted business email compromise. When your employees see these methods in a controlled environment, it helps them learn proper responses and reinforce good behaviors.
Because last week’s hack didn’t have immediate or rippling impacts, small and medium-sized businesses can use it as an opportunity to shore up cybersecurity protections and enhance network defenses. It’s not so much a matter of if you’ll get hacked but when; the question is less “will it happen?” than “how bad will it be?” That’s why the most practical cybersecurity tools work to anticipate and reduce risk, not attempt to completely eliminate it.
CMIT Solutions specializes in a proactive approach to cybersecurity, tackling issues from every angle including prevention, detection, and response. This approach allows thousands of North American businesses to enhance the overall resilience of their operations in the face of increasingly complex attacks.
We go the extra mile to protect the data, devices, and digital identities of our clients. While hackers devise new tricks to avoid standard network security defenses, our 800 staff members at offices across North America work day and night to deploy new protections and create new strategies for IT success.
If you need a trusted partner to help you with cybersecurity, contact CMIT Solutions today.