Microsoft: As many as 14 IT service providers breached by Russian hacking group – SiliconANGLE News

UPDATED 13:37 EDT / OCTOBER 25 2021
by Maria Deutscher
Microsoft Corp. today said that as many as 14 information technology service providers were breached by the hacking group Nobelium, which the U.S. government and others have linked to Russia. 
Nobelium is the same group responsible for last year’s SolarWinds hacking campaign. The SolarWinds hack, which came to light in December, is estimated to have affected up to 18,000 organizations. 
Microsoft’s researchers began tracking the new Nobelium cyberattack campaign targeting IT firms this May. According to the company, Nobelium has launched cyberattacks against more than 140 IT service providers including IT resellers, managed service providers that assist organizations with running their technology infrastructure and others. Microsoft’s researchers determined that up to 14 of the targeted companies were breached. 
Microsoft believes that Nobelium targeted IT service providers in a bid to gain access to their customers’ systems. Many organizations entrust the day-to-day management of their cloud environments and other technology assets to an external service provider. As a result, the service provider has the ability to access and modify key parts of its customers’ technology infrastructure. 
In one of the cyberattacks uncovered by Microsoft, Nobelium breached four different providers to reach its target. In a technical blog post today, the company’s researchers detailed that the group had used several different hacking techniques to launch cyberattacks against the targeted companies. 
“Fortunately, we have discovered this campaign during its early stages, and we are sharing these developments to help cloud service resellers, technology providers, and their customers take timely steps to help ensure Nobelium is not more successful,” Tom Burt, Microsoft’s corporate vice president of customer security and trust, wrote in a blog post today.
Microsoft said that the hacking campaign targeting IT service providers was part of a broader wave of cyberattacks carried out by Nobelium over the summer. “In fact, between July 1 and October 19 this year, we informed 609 customers that they had been attacked 22,868 times by Nobelium, with a success rate in the low single digits,” Burt detailed. “By comparison, prior to July 1, 2021, we had notified customers about attacks from all nation-state actors 20,500 times over the past three years.”
Alongside its research detailing the hacking campaign, Microsoft today detailed that it’s taking steps to improve cybersecurity for organizations that use its products and rely on an IT service provider to manage their technology assets. 
Organizations give service providers access to their technology environments by creating specialized administrator accounts. Microsoft, Burt wrote in the blog post, is currently piloting new features that will reduce the likelihood of service provider administrator accounts being used by hackers to launch cyberattacks. The new features will enable companies to detect accounts that have broader access to their technology environments than strictly necessary and make the needed adjustments to reduce their attack surface.
Microsoft has also released technical guidance to help organizations protect themselves against the newly detected hacking campaign. Additionally, the company updated several of its cybersecurity tools to help companies detect if they’re targeted sooner. “Threat protection and security operations tools such as Microsoft Cloud App Security (MCAS), M365 Defender, Azure Defender and Azure Sentinel have added detections to help organizations identify and respond to these attacks,” Burt added. 