On January 10, 2017, Microsoft Corporation announced that it had identified new supply chain attacks targeting the technology giant’s enterprise customers. The attacks were orchestrated by the Russian-backed hacker group known as Nobelium and used spear phishing to deliver tainted Microsoft Office documents with embedded links to malicious websites.
While Microsoft does not have evidence of the attack affecting customer information, according to the company’s statement on its website, this attempt demonstrates the lengths to which cybercriminals will go to steal your information. Microsoft has taken action by patching the vulnerabilities in affected versions of its software and has encouraged users to keep their systems updated and change their passwords regularly.
Why are hackers targeting the supply chain?
The supply chain is a crucial part of any business, and hacking it can have serious consequences. By targeting the supply chain, hackers can potentially disrupt the entire operation of a company. In the case of Microsoft, the hackers were able to insert malicious code into a software update, which was then distributed to customers. This allowed the hackers to gain access to customer data. While it’s not clear what the hackers’ ultimate goal was, it’s possible that they were trying to collect intelligence or plant malware on customers’ systems.
Who is behind this attack?
Microsoft has warned that a Russian-backed hacking group called Nobelium has been infiltrating its supply chain in order to carry out attacks. This is not the first time that Nobelium has been behind such an attack, as they were also responsible for the SolarWinds hack last year. The attackers targeted and then stole data from companies such as SAP, Symantec and NetApp.
The warning came just weeks after Microsoft had issued a warning about cyberattacks targeting critical infrastructure in December 2018. The company had said that it was aware of a limited number of attacks but had not given any details on who may be behind them or what specific targets had been hit.
How to protect yourself
Microsoft has warned of a new cyberattack by the Russian-backed Nobelium group. The hackers were able to infiltrate Microsoft’s supply chain and insert malicious code into software updates. The code was then used to steal data from targets. Here are steps you can take to protect yourself:
- Review your settings in Windows Update and Windows Defender, unchecking any options that may be labeled Recommended or Important.
- Use caution when opening email attachments and downloading files from unfamiliar sources.
- Keep your security solutions up to date with the latest patches, including antivirus programs, firewalls, etc.
- Be cautious when connecting devices like USB drives or external hard drives to your computer. Only use these types of devices if you have scanned them for viruses first.
- Don’t trust messages that ask for urgent action or warn about something being wrong without providing further details. These types of messages are typically phishing scams designed to trick users into giving away sensitive information, installing malware, or providing payment card numbers.
- Immediately delete suspicious emails rather than forwarding them to an account outside your organization where they could infect other users’ computers.
How did they infiltrate their system?
According to Microsoft, the hackers infiltrated their system through a compromised SolarWinds update. This allowed them to access email accounts and install malware on devices. The hackers then used these devices to gain access to sensitive information and steal data. Microsoft has warned that this type of attack is becoming more common and that businesses need to be aware of the risks.
What should you do?
- Keep your software up to date. Microsoft has released patches for the vulnerabilities exploited by the Nobelium group, so make sure your systems are up to date.
- Be extra vigilant about phishing emails. The group used phishing emails to gain initial access to targets’ systems, so be extra careful about any suspicious emails you may receive.
- Educate yourself and your employees about supply chain attacks. Understand how these types of attacks work and how to prevent them.
While these steps will not entirely stop a determined attacker, they can significantly reduce their chances of success. In addition, educate your employees on what this type of attack is and what they should do if they suspect their system or network is compromised.