Microsoft Issues Warning of New Supply Chain Attacks by Nobelium Group

Blog post Team CENTRL 2021-12-10


The notorious hacking group Nobelium has launched attacks against more organizations in a bid to disrupt the global information technology supply chain ecosystem. According to Microsoft, it has alerted IT resellers and service providers about the latest attacks by the Russian government-backed hackers. The company further said that the malicious actors have targeted 140 companies so far, with 14 of them attacked in the last 8 months.

This is the latest wave of attacks targeted at global supply chains. And it underscores the importance of robust data protection and third-party risk management for IT resellers and service providers.

While Nobelium has a history of sophisticated attacks, it made global headlines last year after the SolarWinds hack. The Russian state-backed actor exploited a security loophole in the Orion network monitoring software made by SolarWinds to execute the attack.

One year down the line, the group has hit again with a new attack. But this time around, the targets are IT resellers and service providers, specifically those providing cloud services and other tech solutions to their clients.

The Goal of Nobelium

Cybersecurity experts believe that with its newest form of attack, Nobelium intends to gain direct access to the IT infrastructure and services that resellers manage for their clients. If the group successfully executes its plan, it could then impersonate an IT service provider to target that provider's downstream clients.

These supply chain attacks, which started in the summer of 2021, are part of the group’s more extensive plan of activities, said Microsoft. The company further stated that from July 1 to October 19 it cautioned more than 600 of its clients that Nobelium had targeted them 22,868 times. Luckily, the success rate for those attacks has been low.

From how the attack unfolded, it can be ascertained that the malicious actors used a combination of phishing and password spraying attacks to access the systems of IT resellers and cloud service providers. They also likely relied on automation tools to attempt logging into multiple systems where the default passwords for new users hadn’t been changed. People who created weak passwords or reused the same password across multiple systems, sites, and applications were also potential targets.

Microsoft also released a second warning in which it cautioned cloud service providers with high-value downstream clients about possible attacks from Nobelium. It stated that the hackers are picking high-value accounts to further target those downstream clients. The group didn’t exploit a security defect; instead, it relies on techniques like API abuse, spear phishing, and token theft to execute its malicious designs.

Element of Cyber Cold War?

Nobelium plays a key role in Russia’s endeavors to target global IT supply chains and spy on foreign governmental activities. And since the cyber cold war is at its peak, many countries and their proxy groups have increased the frequency and intensity of attacks to conduct espionage and even undermine their rival countries.

The United States has clearly named China and Russia as the primary countries responsible for many cyber attacks. For instance, it held Russia responsible for the SolarWinds attack because Nobelium is supported by the Russian government. The group exploited a security defect in the Orion software to execute the SolarWinds attack. The attackers then successfully tracked internal communications at US government agencies and private companies that relied on Orion software.

Key Steps to Protect Your Data and Importance of TPRM

So, how do you protect your data in the face of this newest form of supply chain attack by the Russia-backed hacker group? Microsoft has provided several cybersecurity recommendations for IT resellers and cloud service providers. And based on those recommendations, here’s how you can protect your data:

  • Enable multi-factor authentication
  • Check, monitor, and audit activity logs
  • Take away assigned privileges immediately after the tasks are accomplished
  • Monitor administrator accounts
  • Check service provider privileges
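
Password spraying of the kind described earlier leaves a recognisable trace in sign-in logs: one source failing against many accounts with only a try or two each. The following is an added example, not code from Microsoft or CENTRL, showing how the "check, monitor, and audit activity logs" step can surface it and list any sign-in that then succeeded without MFA; the record layout, thresholds and log lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records: (time, source IP, account, result, MFA satisfied).
# Field layout and account names are assumptions, not a vendor log schema.
EVENTS = [
    ("2021-10-01T09:00:05", "203.0.113.7", "alice", "fail", False),
    ("2021-10-01T09:00:40", "203.0.113.7", "bob", "fail", False),
    ("2021-10-01T09:01:10", "203.0.113.7", "carol", "fail", False),
    ("2021-10-01T09:01:45", "203.0.113.7", "dave", "fail", False),
    ("2021-10-01T09:02:20", "203.0.113.7", "erin", "fail", False),
    ("2021-10-01T09:02:55", "203.0.113.7", "newhire", "ok", False),
    # One account hammered repeatedly: brute force, not spraying.
    ("2021-10-01T09:10:00", "198.51.100.9", "alice", "fail", False),
    ("2021-10-01T09:10:05", "198.51.100.9", "alice", "fail", False),
    ("2021-10-01T09:10:09", "198.51.100.9", "alice", "fail", False),
    # Ordinary typo followed by a successful MFA sign-in.
    ("2021-10-01T09:15:00", "192.0.2.10", "bob", "fail", False),
    ("2021-10-01T09:15:20", "192.0.2.10", "bob", "ok", True),
]

def detect_spray(events, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Flag source IPs that fail against many accounts with few tries each."""
    by_ip = defaultdict(list)
    for ts, ip, user, result, mfa in events:
        by_ip[ip].append((datetime.fromisoformat(ts), user, result, mfa))
    findings = {}
    for ip, rows in by_ip.items():
        rows.sort()
        fails = [(t, u) for t, u, r, _ in rows if r == "fail"]
        start = 0
        for end in range(len(fails)):
            # Slide the window so it never spans more than `window` of time.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            tries = defaultdict(int)
            for _, u in fails[start:end + 1]:
                tries[u] += 1
            if len(tries) >= min_users and max(tries.values()) <= max_per_user:
                first = fails[start][0]
                # Successes from the spraying source are the accounts to review first.
                hits = sorted({(u, m) for t, u, r, m in rows if r == "ok" and t >= first})
                findings[ip] = {"targets": len(tries), "successes": hits}
                break
    return findings

if __name__ == "__main__":
    print(detect_spray(EVENTS))
```

Each entry in `successes` pairs an account with whether MFA was satisfied; a `False` there is the case the multi-factor authentication recommendation is meant to close.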

While these are rigorous measures to secure your supply chain, many companies lack the resources required for implementation of these recommendations. But decision-makers must take immediate action and allocate resources for swift execution of these measures. Otherwise, the damages will not only be limited to data breaches but also affect your reputation and business continuity. Plus, it could land your business in legal and regulatory troubles.

Cybercriminals are resorting to modern methods and newer technologies to compromise supply chains. As such, the traditional, manual methods of vendor risk management will no longer secure your business against the evolving threats. Your organization needs a technology-driven and robust supply chain risk management system.

The good news is that a reliable and modern third-party risk management (TPRM) solution can protect your organization against most types of supply chain attacks without having you break the bank. Many TPRM platforms with automation features allow you to onboard suppliers, monitor third parties, and conduct risk assessment and remediation.

But not all TPRM software solutions are created equal. It is crucial to do your research and choose a solution that not only protects your supply chain but is also powerful, scalable, and continuously updated with new and rich features.

Your Supply Chain Needs 360-Degree Security

Vendor360 is a next-generation third-party risk management platform by CENTRL that provides complete oversight of your entire supply chain. This user-friendly software allows you to gather your suppliers' data, automate your risk monitoring and assessment, and get complete control over your third-party risk management function - all from a single dashboard.

This software not only speeds up the vendor selection and onboarding process but also makes it all the more secure. Plus, the centralized directory allows you to manage all your vendor information in a single cloud-based platform.

The best part is that using Vendor360, you can automate many repetitive and tedious tasks like risk assessments, monitoring, and audits. On top of that, you can quickly track and remediate even the most complex supply chain threats and provide your suppliers with a powerful application to promptly act against threats.

Want more reasons to choose Vendor360? Check out how the software works or schedule a live demo.
