According to Microsoft, Nobelium, the same hacking group behind the SolarWinds attack from last year, is back wrecking havoc in IT systems world wide.
The news was first broken on October 24th, 2021 by Tom Burt, Microsoft's Corporate Vice President of Customer Security & Trust. In a posted advisory on the company's website, Burt warned that Nobelium has changed their tactics and now rely on piggybacking direct access to IT systems from cloud and software service resellers.
According to the advisory, Microsoft first noticed Nobelium's recent activity back in May. To date, 140 service providers have been targeted and as many as 14 have been compromised.
Burt also mentioned that between July 1st and October 19 of this year Nobelium launched 22,868 attacks. That number is staggering, considering before July 1st, Microsoft only saw 20,500 similar attacks over a three year period.
Thankfully, these attacks aren't leveraging any existing exploit, like a flaw or known vulnerability. Nobelium is using simple phishing and password-spraying attacks to break in to their targets systems.
What is a Password Spraying Attack?
Pretty much exactly what it sounds like. It's a brute-force style attack where a would-be attacker literally sprays passwords at a user accounts until one sticks.
By using one password at a time across multiple accounts the attacker is usually able to remain undetected.
Attackers go after a wide array of targets including, but not limited to:
- Remote Desktop Software
- Active Directory Federated Services
- Cloud Services (i.e. Office365)
What to Look For
- A high number of authentication attempts within a set period of time
- Large numbers of bad usernames
- High number of account lockouts within a set period of time
How to Stop a Password Spraying Attack
- Implement multifactor authentication
- Use complex passwords
- Implement a strong password reset policy
- Increase alerting and monitoring
Microsoft recommend users enable Multi-Factor Authentication (MFA), as it provides an added level of security, just in case the attackers actually have or hit upon a valid username and password combination.
What is Multi-Factor Authentication and Why is it Important?
Multi-factor authentication is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).
Multi-factor authentication is a major part of securing important information systems from potential threats. It provides a secondary layer of credentials that need to be provided in order to access sensitive data.
While some users prefer easy SMS message two-factor authentication, there are actually many different types of multi-factor authentication:
Biometric scanning: Fingerprints, iris and retina scans, facial recognition software, voice recognition software, hand shape, and other physical variables.
Location factors: GPS tracking, used in many smartphones, can be used to ensure that logins are occurring from legitimate devices rather than from illogical IP addresses.
Possession factors: If a user has specific devices on their person, like a key card or a smartphone, they have access to several forms of multi-factor authentication procedures.
Remember, by using multi-factor authentication, you’re making it twice as difficult for hackers to access your data, which mitigates much of the risk. By taking advantage of multi-factor authentication tactics, you can limit your data’s exposure to threats and maximize security.
Multi-factor Authentication Technologies
Depending on what type of authentication protocol you use, you’ll have either a hardware-based device or a software-based security token. An example of a hardware-based security measure is a USB dongle that acts as a key to the device, while software-based tokens generate a security code that is sent to a smartphone.
There are many other types of multi-factor authentication, like those that take advantage of biometrics, but due to the incredible popularity of smartphones in the business world, the most common methods of multi-factor authentication are by far SMS messages that are sent to a user’s smartphone.
Other security practices that are seen quite often are employee ID cards and GPS technology that verifies the location of the person accessing the account or building. Some people are even hardcore enough to embed smart chips in their hands, but that’s a topic to discuss another day. Basically, executives and IT professionals are doing whatever it takes to ensure that their physical and digital infrastructures remain secure from any and all trespassers.
Cyber-Liability Insurance and MFA
Because of the uptick in (preventable) attacks, many cyber-liability insurers are now requiring their clients have an MFA solution before they'll even be issued a policy. If they don't not only can they forget about having a policy issued to protect them, but an existing policy might not even pay out.
In case you're wondering what type of MFA solutions are out there, we just had a webinar with one of our partners, OneLogin regarding MFA (and Identity and Access Management) and if you're interested in checking that out, you can do so here.
It's very informative and worth watching.
Like our blog? Subscribe using the CTA in the upper right-hand corner of this page. Feel like sharing your thoughts with us? Use the comment section below.