https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-new-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
    • IWCE’s Video Showcase
    • Product Guides
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookie Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Omdia Crit Comms Circle Podcast
    • Galleries
    • IWCE’s Video Showcase
    • Product Guides
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
    • Sponsored content
  • IWCE
    • Back
    • Conference
    • Why Attend
    • Exhibitor Listing
    • Floor Plan
    • Exhibiting Information
    • Join the Event Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Terms of Service
    • Privacy Statement
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

Security


Partner content

SolarWinds attacker targets cloud service providers in new supply-chain threat

SolarWinds attacker targets cloud service providers in new supply-chain threat

  • Written by Jai Vijayan / Dark Reading
  • 26th October 2021

Nobelium, the Russia-based threat actor behind the supply chain attack on SolarWinds, is targeting cloud service providers and IT services organizations in a large-scale and ongoing campaign designed to infiltrate systems belonging to downstream customers of these companies.

Since May, Nobelium has attacked at least 140 cloud service providers and compromised 14 of them, according to Microsoft, which has been tracking the campaign.

Once on a service provider’s network, Nobelium has been targeting the privileged accounts that providers use to access and manage networks belonging to their downstream customers. It has used several tactics, including password spraying, phishing, token theft, and API abuse, to steal legitimate credentials for these accounts. The attackers have then used the privileged accounts to gain a foothold on systems belonging to targeted downstream customers of the service provider. Victims have included enterprise organizations, technology vendors, government entities, and think tanks, Microsoft says. Most of the organizations that have been targeted are based in the United States or countries across Europe.

The attacks on service providers — and resulting compromises — are not the result of product security vulnerabilities. Rather, they are the result of Nobelium actors taking advantage of any direct access that Internet and cloud service providers have to their customer systems, said Tom Burt, corporate vice president of customer security and trust at Microsoft, in a blog posted Sunday.

“We believe Nobelium ultimately hopes to piggyback on any direct access that resellers may have to their customers’ IT systems and more easily impersonate an organization’s trusted technology partner to gain access to their downstream customers,” Burt wrote.

This latest Nobelium campaign is an example of attackers’ growing focus on targets that provide them with means to compromise multiple organizations at the same time without having to break into each one separately. Examples of such targets include cloud service providers, managed service providers, software vendors, and other trusted entities in the technology supply chain, many of which have privileged access rights on networks belonging to their customers.

In the SolarWinds campaign, Nobelium broke into the company’s software build environment and used its access to quietly embed malicious code into legitimate updates of SolarWinds’ Orion network management product. That single intrusion gave the attacker a way to distribute malware to thousands of organizations, though it was interested in stealing data from only a small subset.

“This time, it is attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers,” Burt said.

In July, threat group REvil used a similar tactic by targeting a Kaseya server technology — which many managed service providers use — to distribute ransomware to thousands of their downstream customers.

For enterprise organizations, the main takeaway from such attacks is that supply chain threats extend well beyond just software vendors, says Jake Williams, co-founder and CTO at BreachQuest. IT service providers often have relatively poor security themselves while simultaneously having access to numerous customer networks, he adds.

To read the complete article, visit Dark Reading.

 

Tags: Alerting Systems Applications Critical Infrastructure Cybersecurity Enterprise Federal Government/Military Incident Command/Situational Awareness News Public Safety Security Software State & Local Government System Operation Test & Measurement Tracking, Monitoring & Control Training Partner content

Most Recent


  • The shine begins to wear off 5G private wireless
    Verizon had high hopes for private wireless networking. The company had predicted that by now it would be well on its way to making billions of dollars from the sale of custom 4G and 5G networks dedicated exclusively to its enterprise customers. Indeed, during 2021 Verizon execs pegged the total addressable market for private wireless at around […]
  • Phishers trick Microsoft into granting them 'verified' Cloud Partner status
    Late last year, a group of threat actors managed to obtain “verified publisher” status through the Microsoft Cloud Partner Program (MCPP). This allowed them to surpass levels of brand impersonation ordinarily seen in phishing campaigns, as they distributed malicious applications bolstered by a verified blue badge only ever given to trusted vendors and service providers in […]
  • Shapeshifting robot can morph from a liquid to a solid
    A new shape-shifting robot can reversibly morph between liquid and solid shapes. The novel design was created by a team of engineers from The Chinese University of Hong Kong and Carnegie Mellon University. Inspired by sea cucumbers’ ability to go both soft or rigid depending on its environment, the miniature robot was built using magnetic […]
  • Automakers against stampede to BEV dominance
    When the president of the world’s biggest carmaker talks, people listen. So, when Toyota President Akio Toyoda said, in September of last year, that bans on ICE cars within 10 to 15 years  will be “rather difficult to achieve” because EVs “are just going to take longer than the media would like us to believe,” […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • QR codes help attackers sneak e-mails past security controls
  • 6 eye-opening statistics about software supply-chain security
  • Cloud security is key to cybersecurity resilience in state and local governments
  • Damages escalate rapidly in multi-party data breaches

Commentary


How 5G is making cities safer, smarter, and more efficient

26th January 2023

3GPP moves Release 18 freeze date to March 2024

18th January 2023

Do smart cities make safer cities?

  • 1
6th January 2023
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

The shine begins to wear off 5G private wireless dlvr.it/Shth0P

3rd February 2023
UrgentComm

Phishers trick Microsoft into granting them ‘verified’ Cloud Partner status dlvr.it/Shqngn

2nd February 2023
UrgentComm

Shapeshifting robot can morph from a liquid to a solid dlvr.it/Shqk9K

2nd February 2023
UrgentComm

Automakers against stampede to BEV dominance dlvr.it/ShpX08

2nd February 2023
UrgentComm

FCC nominee Gigi Sohn headed for third Senate hearing dlvr.it/ShpDcZ

1st February 2023
UrgentComm

Sign up to learn how to successfully manage your Motorola ASTRO® 25 System: spr.ly/60143j8fp https://t.co/XcxiUwzN27

1st February 2023
UrgentComm

Hytera parent cites financial health, but unable to make royalty payment to Motorola Solutions dlvr.it/ShlrlM

1st February 2023
UrgentComm

NATE: Todd Schlekeway highlights organization’s safety, legislative initiatives dlvr.it/ShljHj

1st February 2023

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.