SolarWinds attackers targeting the channel, says Microsoft
Tuesday, October 26, 2021
Nobelium, the Russian-backed threat group that masterminded last year's SolarWinds hack, still has the global IT supply chain in its crosshairs, with 140 managed service providers (MSPs) and cloud service providers attacked and at least 14 breached since May this year.
Supply chain attacks to surge.
Ilia Kolochenko, founder of ImmuniWeb and a member of Europol Data Protection Experts Network, believes supply chain attacks will continue their surge into next year.
“Suppliers are the Achilles’ Heel of the largest financial institutions, governmental institutions and providers of critical national infrastructure,” he explains. “Compared to frontal attacks against the victims, attacks against third parties are generally faster, cheaper and less noisy.”
In addition, Kolochenko says suppliers may have access to more data than the victims themselves, for example, by storing more data in backups than contractually allowed or expected. Even worse, some suppliers won’t detect sophisticated intrusions and the victims are never even made aware of the incident.
Attribution of supply chain attacks is also a complex issue, from a technical and legal standpoint, he says. “Cyber gangs actively cooperate with each other, outsourcing some specific tasks to their accomplices in different countries.”
He says only a handful of cyber mercenaries will ever conduct research for new zero-day vulnerabilities or create novel stealth Trojans; the rest will rather just purchase these from one of the criminal groups that sell them on the dark Web.
Moreover, nation-state actors have been known to hire several hacking groups and creatively split a task between them, and often, cyber gangs are purposely hired from countries like Russia or China as a red herring to confuse the victim and investigators.
“Eventual attribution to a specific person, organisation or even country is thus overly problematic,” he ends. “International collaboration and further expansion of such treaties as the Budapest Convention are essential to curb transnational cyber crime.”