
Nobelium is hacking IT service providers and MSPs

The SolarWinds hackers, Nobelium, are still going after the IT supply chain. Per information released by Microsoft, they’ve hit 140 managed services providers and cloud service providers and breached at least 14 since May 2021. The campaign specifically targets resellers and technology service providers. Microsoft also issued guidance, including items I’ve not noted before. First, they advise using the Activity Log in Partner Center to monitor user creations, assignments and the like. Second, they are offering providers a free two-year subscription to Azure Active Directory Premium Plan 2 to get management and reports on access privileges.

Beyond that, paying ransom may be bad for your image. Survey results from Cohesity say that 81% were aware of the recent attacks – Colonial Pipeline, Kaseya, SolarWinds… and more than half say paying the ransom encourages more ransomware, 43% believe it increases prices and 40% do not believe organizations should pay. 23% would stop doing business with that company, and 48% said they’d give this a lot of thought.

Research by Deloitte says that 98% of US executives have come across at least one cyber security event. The number is 84% internationally. There is also a corresponding uptick in attack attempts – 86% of US execs noticed, compared to 63% worldwide. That said, only 41% of organizations have implemented solutions to track and monitor the risk factors associated with staff access and behavior.

Some good news in this – CISA is investing $2m in training new cybersecurity professionals by training veterans, military spouses, women and people of color for positions.

Why do we care?

That note from Microsoft – seems like a key feature for a monitoring tool, particularly since there is an API for this. Just sayin’, I bet some product manager somewhere is listening.

The main story is another version of an actually familiar headline – IT service providers and managed services providers, you are being explicitly targeted. And this time, by nation states.

I’ve been thinking about the parallels of cybercrime with physical crime again recently. If armed gangs of international criminals are actively breaking into businesses under the cover of another country’s government… why is our response just to buy better locks for the store? Aren’t the lock makers simply better served by this answer? Think of the parallel here some more – imagine a physical world where roving gangs are constantly banging at the door and then moving unimpeded.

Because that’s what the US is currently accepting. I’m pondering this framing right now… which is why we care.