According to Microsoft, the Russian-backed threat group Nobelium, which was responsible for the massive SolarWinds supply chain attack last year, has continued to target the global IT supply chain, with 140 MSPs and cloud service providers attacked, and at least 14 breached since May 2021.
When cybercriminals find an attack method that works, they stick with it, so it’s not surprising that the Nobelium threat group is continuing to target downstream customers through their service providers in order to inflict maximum damage. Rather than exploiting vulnerabilities or security flaws, the group is now using methods such as credential stuffing, phishing and API abuse to gain access to systems.
The good news is that organizations can help prevent these kinds of attacks by implementing security best practices including enabling MFA and minimizing access privileges. To accomplish this rapidly and effectively, however, it’s crucial to have a robust and automated third-party security management program in place to assess supply chain partners, close cyber gaps and continuously monitor for any issues.”