You may recall Nobelium from the infamous software supply chain attack on SolarWinds in 2020, which gave bad actors access to various US government computers. Nobelium has been busy replicating its success on new prey: CSPs (Cloud Service Providers), MSPs (Managed Services Providers), and other IT service providers.
In a recent Microsoft blog post, “NOBELIUM targeting delegated administrative privileges to facilitate broader attacks,” the company states it “has observed NOBELIUM targeting CSP (Cloud Service Provider) and MSP (Managed Service Provider) with privileged service accounts to move laterally in cloud environments, leveraging the trusted relationships to gain access to downstream customers and enable further attacks or access targeted systems. These attacks are not the result of a product security vulnerability but a continuation of NOBELIUM’s use of a diverse and dynamic toolkit that includes sophisticated malware, password sprays, supply chain attacks, token theft, API abuse, and spear phishing to compromise user accounts and leverage the access of those accounts. These attacks have highlighted the need for administrators to adopt strict account security practices and take additional measures to secure their environments.”
Microsoft recommends that cloud service providers, technology organizations with elevated privileges for customer systems, and all downstream customers of these organizations review and implement the following actions to help mitigate and remediate the recent NOBELIUM activity:
Cornerstone has become aware of the most recent ransomware threats to managed services providers. We take these threats seriously. When we receive an alert from the various threat sources, we all need to be flexible and ready to adjust at a moment’s notice.
This week Cornerstone received such an alert and immediately put measures into effect to help manage and mitigate the threat. Cybersecurity is a multi-level approach; additional efforts have been stepped up, including simulated phishing emails and awareness training.
Contact Cornerstone.IT to talk about best practices and running a Cybersecurity Readiness Awareness Assessment.