Russian-Based Group Behind the SolarWinds Attack Has Launched a New Campaign

In December 2020, the world was hit with one of the most sophisticated cyberespionage attacks in history: the SolarWinds attack. (As if we didn’t have enough to deal with in December 2020.) 

To orchestrate the SolarWinds hack, a Russian-based group coordinated the efforts of probably 1,000+ computer engineers to rewrite 4,032 lines of code in a program that contained millions of lines of code – and then they snuck the poisoned rewrite into a regular old security patch. As a result, tens of thousands of users across the globe downloaded malware and thought it was a security update. Pretty much all of America’s large government agencies downloaded it, including the Pentagon. 

We’ve just learned from Microsoft that the Russian-based group is now trying to duplicate their success with a new cyber attack. Here’s how to keep your business safe. 

TL;DR: In December 2020, a few lines of code compromised the Pentagon and pretty much all the other big government agencies, along with many companies. The group behind that attack is at it again, so it’s time to secure your systems. Get help now.

Is This Attack Like the SolarWinds Attack? 

The SolarWinds attack was so unbelievably well planned that it was movie-worthy. It was like a heist film, but instead of getting the loot out of the maximum-security area, they managed to get the loot in. The world has never seen anything like it. 

Fortunately, that is not what’s happening now. This time, Nobelium (the group behind the SolarWinds attack) is attempting to gain system access by using garden-variety hacking methods. They’re phishing for credentials, and they’re using trial and error to see if they can break in using default logins (username: admin) or bad passwords (pa$$w0rd). They’re also searching for unpatched vulnerabilities they can leverage. 

Since the companies they’re targeting are primarily resellers and IT service providers in global IT supply chains, we can assume that they’re trying to duplicate their success by secretly breaking into another company that develops or manages software a lot of people use. 

Protecting Your Business from IT Supply Chain Attacks

The type of attack that Nobelium seems to be attempting again is known as a “supply chain attack.” These attacks typically target the developers of critical business software, so any company using that software can be affected by the downstream collateral damage of the attack. In the SolarWinds attack, the software’s code was compromised, which put everyone using that software at risk. 

The SolarWinds attack was complex, comprehensive, and extremely sophisticated. It’s important to remember, though, that for every large-scale hacker, there’s some small-time cybercrook running copycat crimes. Supply chain attacks can be big or small – and the small ones usually target the mobile apps that your employees use every day. 

Since supply chain attacks are (a) everywhere, and (b) not directly targeting your company, you have few options for preventing them. The best idea for this kind of attack is to prepare for the worst and assume that every system everywhere is compromised. 

If you’re a long-time reader of this blog, you can guess the top methods of protecting your business from supply chain attacks: 

While you’re at it, you should also make sure you don’t have any default credentials running on your systems (like username: admin + password: admin), and you should disconnect any hard-to-update devices from the internet. 
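The trial-and-error logins described above leave a recognizable trace: one source address failing against many different account names (admin, root, guest and so on) in a short window. The following detector is an added example, not code from the original post or from Interplay; it runs over a few constructed syslog-style SSH lines and also reports any login that succeeded from a source that was seen spraying, which is the case that needs an immediate response.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log lines (syslog-style); not taken from any real system.
SAMPLE_LOG = """\
2021-10-25T09:00:01 sshd: Failed password for admin from 203.0.113.7
2021-10-25T09:00:03 sshd: Failed password for root from 203.0.113.7
2021-10-25T09:00:05 sshd: Failed password for administrator from 203.0.113.7
2021-10-25T09:00:08 sshd: Failed password for guest from 203.0.113.7
2021-10-25T09:00:10 sshd: Failed password for support from 203.0.113.7
2021-10-25T09:00:12 sshd: Accepted password for admin from 203.0.113.7
2021-10-25T09:01:00 sshd: Failed password for alice from 198.51.100.4
2021-10-25T09:01:30 sshd: Accepted password for alice from 198.51.100.4
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)$"
)

def parse(log_text):
    """Turn matching log lines into (timestamp, result, user, source) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]))
    return events

def detect_spray(events, min_users=4, window=timedelta(minutes=5)):
    """Return {source: sorted usernames} for sources that failed against
    at least min_users distinct accounts within one sliding window."""
    failures = defaultdict(list)
    for ts, result, user, src in events:
        if result == "Failed":
            failures[src].append((ts, user))
    hits = {}
    for src, items in failures.items():
        items.sort()
        for i, (start, _) in enumerate(items):
            users = {u for t, u in items[i:] if t - start <= window}
            if len(users) >= min_users:
                hits[src] = sorted(users)
                break
    return hits

def successes_from_spraying_sources(events, hits):
    """Accepted logins from a source flagged by detect_spray: treat as compromised."""
    return [(user, src) for _, result, user, src in events
            if result == "Accepted" and src in hits]
```

On the sample data the detector flags 203.0.113.7 and reports the subsequent successful "admin" login from it; the single failed attempt from 198.51.100.4 is ordinary user error and stays quiet.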

Here’s the thing though: keeping up to date with all this IT management is a real pain in the neck – especially with the recent labor shortage that pretty much guarantees your business is short-staffed right now. 

Need a Helping Hand with IT Management? Interplay Has Got You Covered

If you’re unsure whether every single device accessing your networks is fully up to date, or if your staff thinks phishing is a fun activity for the weekend, or if you suspect your marketing department might be sharing some login credentials with outsourcers… we can help tie up all those loose ends for you. After all, we do this every day with our own staff and for all our clients. 

Interplay’s comprehensive in-house and client security strategy includes: 

  • Standard Security Practices. Every Interplay user is subject to standard security requirements, including multi-factor authentication (MFA), device enrollment and management, and rigorous audit logging.
  • Education and Training. Like many of you, we employ security awareness training to ensure everyone recognizes and prevents an attack. The training is mandatory, and it occurs regularly for every single member of our team. Further, when an issue such as Nobelium comes to light, we send additional communications containing vital information to create a heightened state of awareness amongst the team (paying particular attention to those likely to be impacted).
  • Defense in Depth. Interplay always employs a defense-in-depth strategy, ranging from proactive measures like MFA, to reactive and monitoring measures like a 24×7 security operations center, to rigorous internal processes that ensure compliance and security. Further, in an event like Nobelium, we heighten our efforts to identify any potential attempts to improperly access or use Interplay’s technology footprint.

Ready to work with the local IT experts you can trust to keep your business safer?

Reach Out to Interplay to Button Up Your Cybersecurity

For 20+ years, the friendly and knowledgeable team at Interplay in Seattle has helped business leaders across a range of industries get more out of their tech, stress free. Not only are we always (and we mean always) happy to offer the best managed IT services, support, and advice, we’re also the team you can trust for the best cocktail recommendations here in Seattle or in Disney World – we’re versatile! All humor aside though, we’d love to help you get your IT running smoothly and securely, around the clock.