Wednesday, April 14, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm

January 20, 2021
in Internet Privacy
SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Malwarebytes on Tuesday said it was breached by the same group who broke into SolarWinds to access some of its internal emails, making it the fourth major cybersecurity vendor to be targeted after FireEye, Microsoft, and CrowdStrike.

The company said its intrusion was not the result of a SolarWinds compromise, but rather due to a separate initial access vector that works by “abusing applications with privileged access to Microsoft Office 365 and Azure environments.”

You might also like

Detecting the “Next” SolarWinds-Style Cyber Attack

Hackers Using Website’s Contact Forms to Deliver IcedID Malware

New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices

The discovery was made after Microsoft notified Malwarebytes of suspicious activity from a dormant email protection app within its Office 365 tenant on December 15, following which it performed a detailed investigation into the incident.

“While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor,” the company’s CEO Marcin Kleczynski said in a post. “We found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments.”

The fact that initial vectors beyond SolarWinds software were used adds another missing piece to the wide-ranging espionage campaign, now believed to be carried out by a threat actor named UNC2452 (or Dark Halo), likely from Russia.

Indeed, the US Cybersecurity and Infrastructure Security Agency (CISA) said earlier this month it found evidence of initial infection vectors using flaws other than the SolarWinds Orion platform, including password guessing, password spraying, and inappropriately secured administrative credentials accessible via external remote access services.

“We believe our tenant was accessed using one of the TTPs that were published in the CISA alert,” Kleczynski explained in a Reddit thread.

Malwarebytes said the threat actor added a self-signed certificate with credentials to the principal service account, subsequently using it to make API calls to request emails via Microsoft Graph.

The news comes on the heels of a fourth malware strain called Raindrop that was found deployed on select victim networks, widening the arsenal of tools used by the threat actor in the sprawling SolarWinds supply chain attack.

FireEye, for its part, has also published a detailed rundown of the tactics adopted by the Dark Halo actor, noting that the attackers leveraged a combination of as many as four techniques to move laterally to the Microsoft 365 cloud.

  • Steal the Active Directory Federation Services (AD FS) token-signing certificate and use it to forge tokens for arbitrary users
  • Modify or add trusted domains in Azure AD to add a new federated Identity Provider (IdP) that the attacker controls.
  • Compromise the credentials of on-premises user accounts that are synchronized to Microsoft 365 that have high privileged directory roles, and
  • Backdoor an existing Microsoft 365 application by adding a new application

The Mandiant-owned firm has also published an auditing script, called Azure AD Investigator, that it said can help companies check their Microsoft 365 tenants for indicators of some of the techniques used by the SolarWinds hackers.


Credit: The Hacker News By: noreply@blogger.com (Ravie Lakshmanan)

Previous Post

Data Science Central Weekly Digest, 18 Jan 2021

Next Post

A Chinese hacking group is stealing airline passenger details

Related Posts

Detecting the “Next” SolarWinds-Style Cyber Attack
Internet Privacy

Detecting the “Next” SolarWinds-Style Cyber Attack

April 14, 2021
Hackers Using Website’s Contact Forms to Deliver IcedID Malware
Internet Privacy

Hackers Using Website’s Contact Forms to Deliver IcedID Malware

April 14, 2021
New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices
Internet Privacy

New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices

April 13, 2021
BRATA Malware Poses as Android Security Scanners on Google Play Store
Internet Privacy

BRATA Malware Poses as Android Security Scanners on Google Play Store

April 13, 2021
Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users’ Data
Internet Privacy

Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users’ Data

April 13, 2021
Next Post
A Chinese hacking group is stealing airline passenger details

A Chinese hacking group is stealing airline passenger details

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Five Top Quality APIs
Learn to Code

Five Top Quality APIs

April 14, 2021
Cybersecurity: Victims are spotting cyber attacks much more quickly – but there’s a catch
Internet Security

Cybersecurity: Victims are spotting cyber attacks much more quickly – but there’s a catch

April 14, 2021
Detecting the “Next” SolarWinds-Style Cyber Attack
Internet Privacy

Detecting the “Next” SolarWinds-Style Cyber Attack

April 14, 2021
Weekly NFT roundup March 23-29: Circle, Klaytn, and more
Blockchain

Weekly NFT roundup April 7–13: Christie’s, Triller, and more

April 14, 2021
Machine learning can help keep the global supply chain moving
Machine Learning

Machine learning can help keep the global supply chain moving

April 14, 2021
Why I Think That Avengers: Age of Ultron is One of the Best Sci-Fi Movies About A.I | by Brighton Nkomo | Apr, 2021
Neural Networks

Why I Think That Avengers: Age of Ultron is One of the Best Sci-Fi Movies About A.I | by Brighton Nkomo | Apr, 2021

April 14, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Five Top Quality APIs April 14, 2021
  • Cybersecurity: Victims are spotting cyber attacks much more quickly – but there’s a catch April 14, 2021
  • Detecting the “Next” SolarWinds-Style Cyber Attack April 14, 2021
  • Weekly NFT roundup April 7–13: Christie’s, Triller, and more April 14, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates