Microsoft warns SolarWinds hacking group Nobelium is targeting its customers
Tuesday, June 29, 2021
In addition, Microsoft SRC detected information-stealing malware on a machine belonging to one of its customer support agents. The threat actor used the information in some cases to launch highly targeted attacks.
“The exposed hacking campaign brings compelling evidence that the overall cybersecurity hygiene is largely deficient,” Ilia Kolochenko, founder and chief executive of web security company ImmuniWeb, told SiliconANGLE. “For instance, password spraying and credential-stuffing attacks are preventable by enabling multifactor authentication, restricting access to the accounts from specific networks or at least countries, and can be easily spotted by anomaly detection systems.”
Phishing is another common phenomenon that can be mitigated by ongoing security awareness and training programs for employees, Kolochenko noted, adding that security training when combined with continuous monitoring, threat detection systems and sandboxing can reduce the risk to near zero even when an employee makes a mistake.
“Attacks on mobile devices and BYOD is another hot topic, but master data management systems can likewise artfully reduce the related cyber risks,” Kolochenko said. “Therefore, organizations need to invest in cybersecurity baselines and implement a consistent information security strategy. Otherwise, even technically unsophisticated attacks will continue their surge.” Read Full Article
IT PRO: GDPR 2.0: What do Europe’s new AI rules mean for businesses
The Register: ‘What are the odds someone will find and exploit this?’ Nice one — you just released an insecure app