CyberTalk

New tactics adopted by SolarWinds hackers


February 26th — Western officials have warned that the cyber spies behind the SolarWinds supply-chain compromise (which began in 2019 and was disclosed in 2020) are changing their methods and preparing to break into organizations that have moved their networks to the cloud.

Cloud hosting has historically made life harder for these hackers: moving to a cloud provider removes much of the self-managed, often unpatched software that they previously exploited for initial access, shrinking that part of the attack surface. What remains as the main way in is identity: user accounts, the tokens issued to them, and the devices that hold those tokens.

However, a hacking group linked to Russia’s Foreign Intelligence Service (SVR) is now working to circumvent this obstacle.

Access tokens

Over the past year, these hackers have been caught stealing system-issued access tokens and using them to take over victim accounts. A valid token lets the attacker act as the user without knowing the password and without repeating the login (and any multi-factor prompt) that produced the token. The theft typically happens when the hackers compromise personal, unmanaged devices that hold tokens for corporate resources; such devices sit outside the organization’s patching, endpoint-protection and monitoring controls, so the token is the easiest credential to take.

Once inside the target’s cloud environment, the hackers have registered their own devices with the victim’s cloud tenant as authorized devices. A device enrolled this way passes as a trusted endpoint, which helps the intruders keep sustained, persistent access rather than depending on a single stolen token.
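The two tactics above leave traces in ordinary cloud sign-in and audit logs, and a detection for each is short enough to show in full. The following is an added example written for this page, not code from the original article or from any vendor or agency; it runs over a handful of constructed JSON log lines, and the field names (`event`, `user`, `session_id`, `device_id`, `device_managed`, `ip`, `ts`) are assumptions loosely modelled on cloud identity logs, so they must be mapped to the real schema of whatever provider is in use.

```python
"""Detect (1) a session token replayed from a device it was not issued to and
(2) a device registration that follows sign-ins from an unmanaged device."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (one JSON event per line). Not real telemetry; the field
# names are assumptions loosely modelled on cloud sign-in and audit logs.
SAMPLE_LOG = """\
{"event": "signin", "user": "alice", "session_id": "S1", "device_id": "laptop-corp-01", "device_managed": true, "ip": "203.0.113.10", "ts": "2024-02-20T08:00:00Z"}
{"event": "signin", "user": "alice", "session_id": "S1", "device_id": "laptop-corp-01", "device_managed": true, "ip": "203.0.113.10", "ts": "2024-02-20T12:30:00Z"}
{"event": "signin", "user": "bob", "session_id": "S2", "device_id": "home-pc-bob", "device_managed": false, "ip": "198.51.100.7", "ts": "2024-02-20T09:00:00Z"}
{"event": "signin", "user": "bob", "session_id": "S2", "device_id": "unknown-77", "device_managed": false, "ip": "192.0.2.55", "ts": "2024-02-20T09:40:00Z"}
{"event": "device_registered", "user": "bob", "device_id": "unknown-77", "ts": "2024-02-20T10:05:00Z"}
{"event": "device_registered", "user": "alice", "device_id": "laptop-corp-02", "ts": "2024-02-21T08:00:00Z"}
"""


def parse_events(log_text):
    """Parse one JSON event per line and convert the timestamp to a datetime."""
    events = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def find_token_replay(events):
    """Tactic 1: the same session token seen from more than one (device, ip).

    A token minted for one device should keep appearing from that device; when it
    shows up from a second origin, the token itself has most likely been copied
    off the original device and replayed.
    """
    origins = defaultdict(set)   # session_id -> {(device_id, ip)}
    owner = {}                   # session_id -> user
    for ev in events:
        if ev["event"] != "signin":
            continue
        origins[ev["session_id"]].add((ev["device_id"], ev["ip"]))
        owner[ev["session_id"]] = ev["user"]
    findings = []
    for sid, seen in origins.items():
        if len(seen) > 1:
            findings.append({"tactic": "token_replay", "user": owner[sid],
                             "session_id": sid, "origins": sorted(seen)})
    return findings


def find_suspicious_registrations(events, window=timedelta(hours=24)):
    """Tactic 2: a new device registered to an account that, within the lookback
    window, signed in from an unmanaged device or whose session was replayed."""
    replayed = {f["session_id"] for f in find_token_replay(events)}
    signins = [e for e in events if e["event"] == "signin"]
    findings = []
    for ev in events:
        if ev["event"] != "device_registered":
            continue
        prior = [s for s in signins
                 if s["user"] == ev["user"] and ev["ts"] - window <= s["ts"] <= ev["ts"]]
        reasons = []
        if any(not s["device_managed"] for s in prior):
            reasons.append("prior_signin_from_unmanaged_device")
        if any(s["session_id"] in replayed for s in prior):
            reasons.append("prior_session_replayed")
        if reasons:
            findings.append({"tactic": "device_registration", "user": ev["user"],
                             "device_id": ev["device_id"], "reasons": reasons})
    return findings


def run(log_text=SAMPLE_LOG):
    """Run both detections over a log and return the combined findings."""
    events = parse_events(log_text)
    return find_token_replay(events) + find_suspicious_registrations(events)


if __name__ == "__main__":
    for finding in run():
        print(json.dumps(finding, default=str))
```

On the sample data, alice's registration of a second managed laptop is not flagged, while bob's session `S2` is flagged as replayed (seen from `home-pc-bob` and then from `unknown-77`) and the registration of `unknown-77` is flagged on both grounds. A change of IP alone is a weak signal, since legitimate users roam between networks; the device identifier is the more reliable half of the origin tuple, and the lookback window should be tuned to how long the tenant's tokens actually live.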

The U.K.’s National Cyber Security Centre (NCSC) has previously assessed that SVR involvement in the SolarWinds attack is highly likely.

The British government stated that the incident was “part of a broader trend of cyber intrusions by the SVR, which has previously sought to access governments across Europe and NATO members,” although this analysis may be incomplete.

Nation-state hacking

As nation-state hacking grows more sophisticated and pervasive, organizations need the strongest threat prevention measures they can muster; traditional, perimeter-focused cyber security is not enough against adversaries of this skill. The tactics described above also show where the controls belong: keep token and session lifetimes short and revoke sessions on suspicion, require managed and compliant devices for access to corporate resources so that a token lifted from a personal device is of little use, and alert on new device registrations and on tokens reused from an unfamiliar device.
