You have probably heard about Nobelium and the cyber-attacks on SolarWinds in 2020, but do we know who exactly they are and what their objectives are? In this article we tell you about their origin and what actions Microsoft is taking to ensure the security of its services.
What is Nobelium?
The term Nobelium was coined by Microsoft to denote the groups of cybercriminals linked to Russia that last 2020 devastated the supply chain of software developer SolarWinds with multiple massive attacks. Such was their magnitude, that in addition to affecting more than 320,000 companies they have continued to perpetuate attacks on multiple government organizations, NGOs and other agencies to date.
The most recent one was identified just a few days ago by the Microsoft Threat Intelligence Center (MSTIC), in which techniques similar to those used in the SolarWinds case were detected to gain direct access to cloud services used by global IT service providers and supply chains, to which other organizations have provided them with administrative or privileged access.
What is their modus operandi?
According to investigations developed by Microsoft in collaboration with the U.S. and European government security authorities and communities to coordinate and execute countermeasures, Nobelium is believed to be attempting to exploit any direct access that resellers may have to customers' IT systems, and then impersonate the trusted technology partner in order to gain access to them.
It is even believed that this set of cyber attacks do not have an immediate purpose, but instead seek a surveillance strategy and long-term impact for potential targets of this cybercriminal group.
What do these attacks look like?
All of these attacks have mostly been carried out by a set of tools and precise actions, not the result of a product security vulnerability. They include sophisticated malware, password sprays, supply chain attacks, token theft, API abuse and even spear phishing to expose the security of user accounts.
What priority actions can an organization take to improve its security?
Microsoft has recently published a technical guide with the purpose of helping all organizations to protect themselves against Nobelium cyber threats. However, from Intelequia we believe that these 5 points should always be key to any corporate security protocol:
1) Train collective awareness against cyber threats. The most important point is to be prepared and alert, all team members must know how to recognize common mistakes and report to their security teams, possible attacks that may violate the accessibility of information.
2) Have a crisis plan. In the event of an alert situation, there must be an action protocol that guarantees the security of all information and the actions to be taken in a strict manner.
3) Restrict access to corporate devices and equipment. Access to information should always be done in a secure environment that is easily accessible to security teams, preventing employees from using their personal accounts or equipment to access corporate resources, which could affect their integrity.
4) Make backup copies and have a disaster recovery plan in place. Access to an organization's data and information is one of the most critical points if tools are not available to ensure that they can be obtained in this series of cases.
5) Do not disable protection measures under any circumstances (antivirus, antimalware) as this can lead to serious security failures.
Which Microsoft security tools are most effective?
Microsoft has a subset of services and solutions that allow us to shield the security of our data and information in all our devices, some of its main tools are:
Security and compliance
Azure Active Directory: Allows to provide a solution to secure unauthorized access to different devices in the organization.
Azure Sentinel: It offers an intelligent security analysis against all threats to the company, so that you get a single solution to search and detect any incident proactively, generate alerts and immediate response to these.
Centralize the security of your applications
Microsoft 365 Defender: Ensures the operability of your collaborative work teams by having an automated solution that detects, collects, alerts and responds to threats in a corrective way, allowing your security staff to easily coordinate the treatment of any security incident. In fact, a few weeks ago we told you about the update that Microsoft Defender had included to reinforce security against fraudulent emails.