
Malwarebytes Said It Was Hacked By the Same Group Who Breached SolarWinds (zdnet.com)

(Tuesday January 19, 2021 @10:30PM (BeauHD) from the latest-developments dept.)


US cyber-security firm Malwarebytes [1]said it was hacked by "Dark Halo," the same group which [2]breached IT software company SolarWinds last year. ZDNet reports:

> Malwarebytes said its intrusion is not related to the SolarWinds supply chain incident since the company doesn't use any of SolarWinds software in its internal network. Instead, the security firm said the hackers breached its internal systems by exploiting an Azure Active Directory weakness and abusing malicious Office 365 applications. Malwarebytes said it learned of the intrusion from the Microsoft Security Response Center (MSRC) on December 15.

>

> At the time, Microsoft was auditing its Office 365 and Azure infrastructures for signs of malicious apps created by the SolarWinds hackers, also known in cyber-security circles as UNC2452 or Dark Halo. Malwarebytes said that once it learned of the breach, it began an internal investigation to determine what hackers accessed. "After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails," [3]said Marcin Kleczynski, Malwarebytes co-founder and current CEO.



[1] https://www.zdnet.com/article/malwarebytes-said-it-was-hacked-by-the-same-group-who-breached-solarwinds/

[2] https://it.slashdot.org/story/20/12/15/1810225/solarwinds-says-18000-customers-were-impacted-by-recent-hack

[3] https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/
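The summary says the intrusion went through malicious Office 365 applications with privileged access rather than through SolarWinds. One defender-side check for that pattern is to correlate Azure AD audit events and flag any service principal that both holds an application permission to read mail and has had a credential added. The script below is an added example, not code from Malwarebytes, Microsoft or ZDNet; the record shape is a constructed, simplified approximation of an Azure AD audit-log export rather than the exact schema.

```python
"""Triage constructed Azure AD audit-log records for the pattern on this page:
an Office 365 app that is granted mail-reading application permissions and
then receives a new credential, which lets whoever holds that credential read
mailboxes without any user signing in.

Added example; the record layout is a constructed simplification, not the
real Azure AD audit-log schema."""
import json
from collections import defaultdict

# Application permissions that let an app read mail as itself (no user present).
MAIL_APP_ROLES = {"Mail.Read", "Mail.ReadWrite", "full_access_as_app"}

# Constructed sample: three audit events covering two service principals.
SAMPLE_AUDIT_LOG = "\n".join([
    json.dumps({"activity": "Add app role assignment to service principal",
                "target": "sp-mail-sync", "value": "Mail.Read",
                "time": "2020-12-01T10:00:00Z"}),
    json.dumps({"activity": "Add service principal credentials",
                "target": "sp-mail-sync", "value": "Password",
                "time": "2020-12-03T09:12:00Z"}),
    json.dumps({"activity": "Add app role assignment to service principal",
                "target": "sp-calendar", "value": "Calendars.Read",
                "time": "2020-12-02T08:00:00Z"}),
])


def parse_audit_log(text):
    """Parse one JSON object per line, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_risky_service_principals(events):
    """Return {service principal: sorted mail roles} for each service principal
    that holds a mail application role AND had a credential added."""
    roles = defaultdict(set)
    creds = set()
    for ev in events:
        if (ev["activity"] == "Add app role assignment to service principal"
                and ev["value"] in MAIL_APP_ROLES):
            roles[ev["target"]].add(ev["value"])
        elif ev["activity"] == "Add service principal credentials":
            creds.add(ev["target"])
    return {sp: sorted(r) for sp, r in roles.items() if sp in creds}


if __name__ == "__main__":
    hits = find_risky_service_principals(parse_audit_log(SAMPLE_AUDIT_LOG))
    for sp, r in hits.items():
        print(f"review {sp}: mail roles {r} plus a newly added credential")
```

Only sp-mail-sync is reported: sp-calendar has no mail role and no new credential, so a calendar-only app does not trip the check.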

Enable 2FA and pray (Score:2)

by WoodstockJeff ( 568111 )

Office365 without 2FA is very easy to social-engineer your way in. If it isn't turned on, expect that you already have been hacked.

Re: (Score:3)

by awwshit ( 6214476 )

Definitely worth checking Sign-Ins in AAD. I see login attempts from all over the world on a regular basis. I highly recommend using Conditional Access policies.

Re: (Score:2)

by awwshit ( 6214476 )

Wondering if it's related to this:

[1]https://threatpost.com/mimecas... [threatpost.com]

[1] https://threatpost.com/mimecast-certificate-microsoft-supply-chain-attack/162965/

This blows my mind (Score:2)

by ddtmm ( 549094 )

Why would a cyber security company trust their data to the cloud? Are they that incapable of internal IT infrastructure? Of all people that should be able to incorporate the best security that can be implemented, you would think it would be them. The only thing I can think is they're a combination of lazy and cheap. Even I don't trust my data to the cloud. Are my defenses any better than theirs? Good question and probably not, but I'm not a security firm with assets like theirs to protect. What an embarrassment.

tell it to Atlassian unless you buy a 500-man server (Score:2)

by Joe_Dragon ( 2206452 )

tell it to Atlassian unless you buy a 500-man server; they want you on cloud

Security has 100 specializations. Ask FireEye (Score:2)

by raymorris ( 2726007 )

> Are they tat incapable of internal IT infrastructure? Of all people that should be able to incorporate the best security that can be implemented you would think it would be them.

Yes, MalwareBytes is self-aware enough to know that their expertise is Windows malware detection - not networking, not hardware, not enterprise storage, not databases, not IAM, not web application security, not east-west traffic monitoring, etc. They've even told me recently that they aren't that good at malware REMOVAL, just

Re: (Score:2)

by awwshit ( 6214476 )

Exchange is pretty typical for many organizations. The Office 365 offering makes it really affordable and it comes with continuous updates. Also means more attacks pointed at MS infrastructure and less at yours. Unless you write all of your own software at some point you have to trust others.

Seems that not everyone using Office 365 received these malicious Office applications, which is interesting all by itself.

Re: (Score:2)

by Fly Swatter ( 30498 )

More embarrassing: they had to be notified of their own security breach by an outside party (Microsoft). Ouch.

Install Anti-Virus software (Score:2)

by Dukenukemx ( 1342047 )

If only Malwarebytes was in the business of security and knew what to do to secure themselves.

Windows [insert random version moniker here] (Score:1)

by zkiwi34 ( 974563 )

The least, sorry, _most secure_ Windows ever.

What hasn't been hacked because of it, or its companion products?

Welll.... That's ironic (Score:2)

by aldousd666 ( 640240 )

Considering they are a company who makes money removing hacks and protecting people, supposedly. Now all bets are off. The hack in solarwinds is a backdoor. It has full privileges. It is essentially shoveling a root shell into the internet. This means, any one of these machines that isn't wiped to the firmware is potentially root-kitted, and there is NO way to detect it. It can hide processes, files, recompile things, download new polymorphs of the same code from the internet at any time, and you would N
