This is the first post in a four-part series on the NOBELIUM nation-state cyberattack. Microsoft started telling the industry about this extremely advanced cyberattack in December 2020. The NOBELIUM blog series, which mirrors Microsoft’s four-part video series “Decoding NOBELIUM,” will pull the curtain back on the world of threat detection and showcase insights from cybersecurity professionals on the front line, both Microsoft defenders and other industry experts.
In many ways, the NOBELIUM nation-state cyberattack realized the deepest fears of United States cybersecurity experts, according to Microsoft 365 Security Corporate Vice President Rob Lefferts. It was a supply chain attack. It was methodically planned and executed. And it impacted multiple world-class corporations with strong security teams. Perhaps your company was one of them, or perhaps you know someone who works at a company that was affected. As we begin Cybersecurity Awareness Month in October, the far-reaching nature of such attacks is ever-present on our minds, which is one reason why more than 3,500 Microsoft security experts actively defend and protect organizations from cyberattacks every day.
Nation-state attacks are malicious cyberattacks that originate from a particular country and are an attempt to further that country’s interests. Numerous organizations were impacted by the NOBELIUM attacks. Such attacks are fueled by geopolitical rivalry and a desire to gain an advantage over other nations, such as by stealing intellectual property for financial gain or supporting traditional espionage.
In December 2020, Microsoft began sharing information with the cybersecurity industry on what would become widely recognized as the most sophisticated nation-state cyberattack in history. NOBELIUM, a group of Russia-based hackers, gained access to multiple enterprises through vulnerable software code, stolen passwords, compromised on-premises servers, and minted SAML tokens.
In this supply chain attack, hackers were able to access the SolarWinds code, slip malicious code into a piece of the software, and use the vendor’s legitimate software updates to spread their malware to customer systems. Successful attacks gave NOBELIUM hackers high-level permissions on the downstream compromised systems.
Why should enterprises be concerned about nation-state attacks?
Historically, nation-state actors directly targeted infrastructure, think tanks, and governments of other countries. However, as organizations improve their defenses, sophisticated actors look for new ways to gain access to their targets through the vendors, software, and networks they depend upon. Enterprises are also increasingly at risk of attacks as nation-state actors expand their objectives to pursue intellectual property theft. As a result, enterprises are often targeted by nation-state actors attacking the networks of their customers, partners, or vendors through their own network or software. The Microsoft Threat Intelligence Center, which collects billions of data points to gather threat intelligence, has observed that enterprises are increasingly at risk of these attacks.
35 percent of all nation-state attacks are targeted at enterprises, according to the CSO article, “Nation states: Cyberconflict, and the Web of Profit.” [1]
78 percent increase in attacks on supply chain vendors, according to the CPO Magazine article, “HP Study: Nation-state Cyber Attacks Double Between 2017 and 2020 as World Edges Toward Open Cyber Warfare.” [2]
13,000 nation-state attack alerts emailed to customers during the past two years, according to the September 2020 Microsoft Digital Defense Report.
Unlike other types of cybercriminals, who exploit a vulnerability and move on, nation-state attackers are persistent and determined to achieve their objectives. They spend serious time profiling their targets and probing their networks for vulnerabilities, and they are continually adding more tools and skills to their capabilities. Any organization, regardless of size, could be a potential target.
Another reason the NOBELIUM attack matters to the enterprise is that state-sponsored attackers often have unlimited monetary and technical support from their countries, giving them access to unique, modern hacking techniques and tactics.
“Nation-state performers are hard because they effectively have infinite funding and they’re above the existing legislation, at least in their country,” said Roberto, Principal Consultant and Lead Investigator of the Microsoft Detection and Response Team. “They have very good technical resources, so it’s not like they’re going to give up. It’s one of the reasons we throw in the 80-hour weeks.”
NOBELIUM’s long-term impact
How did the NOBELIUM attack unfold and how has it changed cybersecurity? In the first episode of our four-part video series Decoding NOBELIUM: When Nation-States Attack, security professionals share behind-the-scenes details and weigh in on the lasting impacts of the NOBELIUM attack on cybersecurity. Watch the episode to learn security strategies you can implement in your organization, like which vulnerabilities to patch.
Microsoft is committed to helping organizations stay protected against cyberattacks, whether cybercriminal or nation-state. In particular, nation-state adversaries have significant expertise and resources and will develop new attack patterns with the specific intent of furthering their geopolitical objectives. Consistent with our mission to provide security for all, Microsoft will continue to use our leading threat intelligence and global team of dedicated cybersecurity defenders to help protect our customers and the world. Just two recent examples of Microsoft’s efforts to combat nation-state attacks include a September 2021 discovery and investigation of a NOBELIUM malware referred to as FoggyWeb and our May 2021 profiling of NOBELIUM’s early-stage toolset comprising EnvyScout, BoomBox, NativeZone, and VaporRage.
For immediate support, reach out to the Microsoft Security Response Center. Keep an eye out for future posts in the NOBELIUM nation-state attack series. In these posts, we’ll share the story of how we discovered the attack, how we fought the threat, and how the attack has shaped the future of cybersecurity.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Likewise, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
[1] Nation States, Cyberconflict, and the Web of Profit, CSO, 2021.
[2] HP Study: Nation-State Cyber Attacks Double Between 2017 and 2020 as World Edges Toward Open Cyber Warfare, Scott Ikeda, CPO Magazine, 22 April 2021.
The post How nation-state attackers like NOBELIUM are changing cybersecurity appeared first on Microsoft Security Blog.