720-891-1663
Return to the list of client alerts
Malwarebytes announced last week that they were targeted by the same attacker that compromised SolarWinds Orion.
HOWEVER, they are not a SolarWinds Orion user.
DHS CISA says that nearly 30% of the organizations attacked had no direct connection to SolarWinds.
The attackers may have used password spray attacks to get an initial footfold and then use the same tools that were found inside the rest of the SolarWinds victims to launch the bigger attack.
SolarWinds is investigating whether the attackers used a combination of privilege escalation and authentication attacks in Microsoft’s cloud services as an initial attack vector.
Microsoft didn’t deny this. The Microsoft VP of Security, Compliance and Identity says to think of this as the new normal.
That means that YOU need to think of this as the new normal too.
Credit: ArsTechnica