Cybersecurity specialists at the Microsoft Threat Intelligence Center (MSTIC) claim that the Russian-linked hacking group behind the attacks on SolarWinds, JBS, and others last year is at it again -- this time going after key players in the global technology supply chain.
The group, known as Nobelium, has “been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain,” according to Tom Burt, Microsoft’s corporate vice president of customer security and trust. So far, the group has allegedly targeted more than 140 IT resellers and service providers and compromised as many as 14 since May.
“Russia is trying to gain long-term, systematic access to a variety of points in the technology supply chain and establish a mechanism for surveilling … targets of interest to the Russian government,” Burt said in a blog post.
Hackers use "password spraying" technique
The hackers’ favorite technique this time around is reportedly something called a “password spray.” This attack tries commonly used passwords such as “123456789,” “Password123,” and “picture1” against a vast number of account usernames.
DoubleOctopus -- a cybersecurity company focused on password protection -- says even though password spraying is a slow-and-go technique, it does allow hackers to stay undetected by avoiding rapid or frequent account lockouts. That makes it different from traditional brute-force attacks, which attempt to gain unauthorized access by guessing one account’s password over and over.
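From the defender's side, the pattern described above looks like one source failing against many different accounts while staying under each account's lockout limit. The following Python script is an added example, not part of the original article, that flags this pattern in an authentication log; the log format, the thresholds, and the function names are assumptions, and the sample lines are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, source IP, username, result
SAMPLE_LOG = """\
2021-10-25T09:00:00 203.0.113.7 alice FAIL
2021-10-25T09:00:10 198.51.100.9 carol FAIL
2021-10-25T09:00:12 198.51.100.9 carol FAIL
2021-10-25T09:00:14 198.51.100.9 carol FAIL
2021-10-25T09:00:16 198.51.100.9 carol FAIL
2021-10-25T09:02:00 192.0.2.10 bob FAIL
2021-10-25T09:02:20 192.0.2.10 bob OK
2021-10-25T09:09:00 203.0.113.7 bob FAIL
2021-10-25T09:18:00 203.0.113.7 carol FAIL
2021-10-25T09:27:00 203.0.113.7 dave FAIL
2021-10-25T09:36:00 203.0.113.7 erin FAIL
2021-10-25T09:45:00 203.0.113.7 frank OK
"""

def parse(log):
    """Yield (timestamp, ip, user, succeeded) for each log line."""
    for line in log.strip().splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result == "OK"

def detect_spray(log, window=timedelta(hours=1), min_users=5, max_per_user=2):
    """Flag sources that fail against many accounts, few tries per account.

    Thresholds are illustrative assumptions; tune them to the lockout policy.
    """
    fails, wins = defaultdict(list), defaultdict(set)
    for ts, ip, user, ok in parse(log):
        if ok:
            wins[ip].add(user)
        else:
            fails[ip].append((ts, user))
    findings = {}
    for ip, events in fails.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # Failures per account inside the window that opens at this event
            per_user = Counter(u for t, u in events[i:] if t - start <= window)
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                # Successful logins from a flagged source need review
                findings[ip] = {"targets": sorted(per_user),
                                "succeeded": sorted(wins[ip])}
                break
    return findings

if __name__ == "__main__":
    print(detect_spray(SAMPLE_LOG))
```

The repeated guesses against a single account from 198.51.100.9 and the one mistyped password from 192.0.2.10 are not flagged, because neither touches many accounts. A per-account lockout counter alone would not notice the source that is flagged.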
In this situation, online users appear to be at the mercy of the service providers and platforms they use to protect their accounts. To that end, Microsoft recommends that companies with online customer systems implement a specific set of protocols to thwart recent Nobelium activity.
Putting protective measures in place
While consumers may need to depend on companies to protect them to some extent, there are still some things they can do to gain an advantage against hackers. In an interview with USA Today, Craig Danuloff, CEO of The Privacy Co., offered these tips to make personal passwords and information less susceptible:
Do not reuse passwords on any important accounts. Keeping your passwords unique helps ensure that hackers can’t access all of your important accounts if they figure out just one of your passwords.
Use two-factor authentication wherever possible. Amazon, Apple, Google, and other major tech players use this method because it works well. Here’s a guide that goes over two-factor authentication and other cybersecurity steps you can take to protect yourself.
Choose platforms that use end-to-end encryption. This is a method that Zoom now uses after learning a valuable lesson without it. “Files or photos sitting in cloud storage can be stolen,” Danuloff said. “If they’re in a database that has no keys or just one master key, all of your personal data has a much higher likelihood of being stolen, accessed, and maybe even shared publicly.”
Don’t give up your data to every site that asks for it. “Data that isn’t there can’t be stolen,” Danuloff said. All kinds of services ask for your address, phone number, or even your Social Security number. “The vast majority of them don’t need it,” he said. So give them “alternative facts.” Use burner email accounts.
Use a personal monitoring service -- aka ID theft protection -- that informs you when your data has been stolen in a hack or when there are signs of identity theft.