Microsoft has identified (more) Nation-State supply chain attacks
We all know about supply chain attacks, the most recent example being the SolarWinds/FireEye debacle, in which the third parties involved were outed as the Russian state-sponsored APT-29 group (also called Nobelium) by none other than the FBI and associated American Government departments (they have so many, it’s too confusing).
The long and short of these attacks is that by breaking into a piece of software used by, say, Managed Service Providers (MSPs), the attacker can then bust the customers and upstream providers to exfiltrate data, disrupt service, deploy ransomware etc.
Some of us at Tiberium have seen one of these attacks in action at a software provider. The levels of sophistication, patience, obfuscation and tradecraft were truly mind-blowing.
Fast forward to this week and Microsoft has announced that it has detected yet more activity from the Russian Nobelium crew targeting Cloud and Managed Service Providers in order to infiltrate downstream customers and suppliers.
If you are a Managed Service Provider or a customer, we very much recommend that you read Microsoft’s detailed announcements and recommendations and keep following Microsoft’s security channel on Twitter.
Obviously, Critical National Infrastructure and Global corporations have been warned. This is a serious issue and if you are a customer of an MSP, it is essential that you ask them whether they are aware and what their plans are for threat hunting, intrusion detection, remediation, communications and customer care.
Tiberium’s managed service customers can rest assured that we are implementing all of the Microsoft recommendations and will be communicating with you directly if necessary. Tiberium’s managed service products FROST and MYTHIC use automation to remediate issues and are continuously, automatically updated with threat data to provide effective decision making and remedial actions.
If you are one of our customers, potential customers or if you are just concerned, please contact us. We would be happy to help.
All credit to Microsoft’s excellent team for the detailed work on this.
Should you be one of our regular readers (and thank you very much if you are), you may have read last week’s missive which discussed ‘how will SASE, SOAR, Zero Trust and SIEM technologies shake out?’. We predicted consolidation and internally discussed the names of a few vendors with different strategies (build, buy or integrate).
This week, Cato Networks has raised $200 million to further develop its in-house SASE/SOAR offering. As if by magic, the ingestion tax specialist Splunk has also announced enhancements to its cloud and SOAR platform.
With this sort of investment abounding, we can only see a series of bunfights. To the top and to the bottom. We may even begin to see these products in competitive situations.
If you are a Microsoft customer, you would be well advised to explore the functionality and capability of your current licensed products before investing in a new technology stack that requires feeding, watering and monitoring and will be rendered useless when Dave, the only person who knows about it, leaves.
Helping you get the most from your investment is totally in Tiberium’s sweet spot. We have advised organisations huge, small and everything in between for the last 20-25 years. We would be happy to share our experiences (good, bad, worse) and share our view of the future. As usual, get hold of us here.
At Tiberium, we are very big supporters of Women in technology and, as supporters/followers of the Government’s National Cyber Security Centre (NCSC) CyberFirst programmes, we were very excited to see that the NCSC has announced a CyberFirst Girls competition, which is now open for registration.
Unlike in the times when the Tyrannosaurus Rex roamed the earth and all things computer (or disco for that matter) were considered geeky and questionable (they’re not laughing at us anymore), Cyber Security is taken very seriously by all employers and any training or experience provided by the Cheltenham Massive should be grasped with both hands.
“The competition continues to be a team event, with each one made up of 4 students that identify as female, from Year 8 in England and Wales, Year 9 in Northern Ireland and S2 in Scotland.”
If you know any girls (or of course identify as female) who might want to give Cyber a go, please share this with them. If they would like to know about a career in Cyber and if there is enough interest, we would think about putting on a webinar (secure, of course).
Thanks for reading.
We need to say nothing about Sam Cooke’s Chain Gang released in 1960. BLM.