Russian Cyber Attacks on Microsoft Cloud Services Resellers ‘Could Have Been Prevented’


By Staff Writer

Microsoft has shared details of activity by the Russian nation-state actor Nobelium, which has been targeting organisations integral to the global IT supply chain. Nobelium is now focusing on resellers and other technology service providers that customise, deploy and manage cloud services and other technologies on behalf of their customers.

Microsoft noted that the attacks it has observed in the recent campaign against resellers and service providers have not attempted to exploit any flaw or vulnerability in software, but instead used well-known techniques such as password spraying and phishing to steal legitimate credentials and gain privileged access.
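The technique Microsoft describes is also a detection opportunity. A password spray tries one or two common passwords against many accounts, so the signal in sign-in logs is a single source failing against many distinct users inside a short window, which is the opposite shape from a brute force that hammers one account. The detector below is an added example, not code from Microsoft or from anyone quoted in this article. It runs over constructed sample sign-in events; the tuple layout (timestamp, user, source IP, result) and the thresholds are assumptions standing in for whatever fields your identity provider's sign-in log actually exposes.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events for this example, not real telemetry.
# The (timestamp, user, source_ip, result) layout is an assumption.
SAMPLE_EVENTS = [
    ("2021-10-25T08:55:00Z", "alice@example.com", "192.0.2.10", "success"),  # normal login
    # one source, one guess per account, many accounts: the spray signature
    ("2021-10-25T09:00:01Z", "alice@example.com", "203.0.113.7", "failure"),
    ("2021-10-25T09:00:07Z", "bob@example.com", "203.0.113.7", "failure"),
    ("2021-10-25T09:00:13Z", "Carol@example.com", "203.0.113.7", "failure"),
    ("2021-10-25T09:00:19Z", "dave@example.com", "203.0.113.7", "failure"),
    ("2021-10-25T09:00:25Z", "erin@example.com", "203.0.113.7", "failure"),
    ("2021-10-25T09:00:31Z", "frank@example.com", "203.0.113.7", "failure"),
    ("2021-10-25T09:01:00Z", "frank@example.com", "203.0.113.7", "success"),  # a guess landed
    # one source, one account, many guesses: brute force, not spray
    ("2021-10-25T09:05:00Z", "bob@example.com", "198.51.100.4", "failure"),
    ("2021-10-25T09:05:02Z", "bob@example.com", "198.51.100.4", "failure"),
    ("2021-10-25T09:05:04Z", "bob@example.com", "198.51.100.4", "failure"),
    ("2021-10-25T09:05:06Z", "bob@example.com", "198.51.100.4", "failure"),
    ("2021-10-25T09:05:08Z", "bob@example.com", "198.51.100.4", "failure"),
    ("2021-10-25T09:05:10Z", "bob@example.com", "198.51.100.4", "failure"),
]


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used in the sample events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def detect_password_spray(events, window=timedelta(minutes=10), min_distinct_users=5):
    """Flag every source IP whose failed sign-ins touch at least
    `min_distinct_users` distinct accounts inside any `window`.

    Brute force against a single account never trips this, because the
    count is of distinct users, not of attempts. For each flagged source the
    alert also lists sprayed accounts that later signed in successfully from
    the same source, which is the case that needs immediate credential reset.
    """
    by_ip = defaultdict(list)
    for ts, user, ip, result in events:
        # Normalise case so alice@ and Alice@ count as one account.
        by_ip[ip].append((parse_ts(ts), user.lower(), result))

    alerts = []
    for ip, rows in by_ip.items():
        rows.sort()
        failures = [(t, u) for t, u, r in rows if r == "failure"]

        # Slide a window over the failures and keep the densest set of users.
        sprayed, spray_start = set(), None
        for i, (start, _) in enumerate(failures):
            users = {u for t, u in failures[i:] if t - start <= window}
            if len(users) > len(sprayed):
                sprayed, spray_start = users, start

        if len(sprayed) < min_distinct_users:
            continue

        compromised = sorted(
            u for t, u, r in rows
            if r == "success" and u in sprayed and t >= spray_start
        )
        alerts.append({
            "source_ip": ip,
            "first_seen": spray_start.isoformat(),
            "distinct_users": len(sprayed),
            "users": sorted(sprayed),
            "compromised": compromised,
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_password_spray(SAMPLE_EVENTS):
        print(alert)
```

Tune `window` and `min_distinct_users` to your tenant size; low-and-slow sprays that spread guesses across hours and many source IPs will need a longer window and grouping by something other than IP (user agent, ASN, or the password-failure reason code), which is why the threshold is a parameter rather than a constant.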

Amit Yoran, Chairman and CEO at Tenable, has labelled the attacks unsophisticated and described them as yet another supply chain attack that could have been prevented.

“Those who thought SolarWinds was a once-in-a-lifetime attack didn’t see the writing on the wall. The cybercriminals behind the infamous breach are unsurprisingly at it again. This time, they’re targeting Microsoft cloud services resellers through an unsophisticated yet wide-scale attack. The attacks were preventable had companies implemented basic cyber hygiene measures such as enforcing multi-factor authentication, implementing strong password policies and enabling robust access management.

“Once again, we’re not seeing super sophisticated, never-before-seen techniques behind a major cyberattack. It’s the basics that are still tripping organisations up. What is a relatively new development over the last 12 months is a strategic and continued focus on the software supply chain. This speaks directly to the gaping supply chain security issues that SolarWinds brought to attention — break just one chain link and you can bring down the entire fence.”

This also follows reports that Russia’s premier intelligence agency has launched another campaign to pierce thousands of U.S. Government, corporate and think-tank computer networks. This news comes months after President Biden imposed sanctions on Moscow in response to a series of sophisticated spy operations it had conducted around the world.

Daniel Spicer, Chief Security Officer at Ivanti, says the increase in cyberattacks proves no one is immune to phishing attacks.

“An advanced attack, such as a supply chain or ransomware attack, often starts with basic tactics like social engineering, phishing, or exploiting vulnerabilities in unpatched software to infiltrate environments and deploy malware. According to a recent survey by Ivanti, 74% of respondents said their organizations have fallen victim to a phishing attack in the last year. 80% of respondents said they have witnessed an increase in volume of phishing attempts and 85% said those attempts are getting more sophisticated. And 73% of respondents said that their IT staff had been targeted by phishing attempts, with 47% of those attempts being successful – proving that anyone, regardless of experience or cybersecurity savvy, is susceptible to a phishing attack.”

Mr Spicer emphasises the need for a zero-trust framework, which requires all users, whether inside or outside an organisation’s network, to be authenticated, authorised and regularly validated for security configuration before being granted access to company data, including software and application use.

“Ultimately, most attacks are the result of poor cyber hygiene. To effectively combat phishing attacks, organizations need to implement a Zero Trust security strategy that incorporates unified endpoint management with on-device threat detection and anti-phishing capabilities. Zero Trust is more important today than ever before, and President Biden recently issued an Executive Order stating that federal agencies must develop plans to implement Zero Trust Architecture. Yet all organizations – not just federal agencies – should implement a Zero Trust strategy to achieve comprehensive visibility across users, devices, apps, and networks, and combat growing cyberthreats.”

“As part of a Zero Trust strategy, organizations should consider getting rid of passwords by leveraging mobile device authentication with biometric-based access to eliminate the primary point of compromise in phishing attacks. At the same time, employees should think carefully before clicking on any links. All phishing emails include a call to action and create a sense of urgency. I encourage people to slow down and really think about if the email and call to action makes sense.”