Say No To Nobelium Cyber-Attacks


By Staff Writer

Both businesses and individual users were exposed to a cyber-attack recently, as SolarWinds attacker Nobelium launched a strategic phishing campaign on over 150 different organisations. However, it is a testament to the strength of the information security processes of many businesses that the damage was minimised, with the phishing threat being detected by cyber security services such as Microsoft Defender Antivirus.

The good news is that the scope of the potential damage was significantly reduced. Cyber threats such as this leave businesses feeling vulnerable and asking what they should be doing to prevent successful cyber-attacks on their systems. This article discusses some important strategies that companies should adopt to protect their data and reputation.

Firstly, to better understand the scope of the threat, it is important to understand what happened. The threat actor known as Nobelium launched a targeted phishing attack on organisations from a wide range of industries, including corporate think tanks and government divisions, by gaining access to USAID’s email marketing service. Through this, they were able to send sophisticated, authentic-looking emails to thousands of accounts that, when opened, exposed users to a wide range of potential cyber-risks, including data theft and virus exposure. After this incident, many users were left feeling insecure and unsure about what they should be doing to keep their information safe. The steps towards effective information security processes are rather simple.

“Nobelium is doing something pretty interesting”, according to Charlie Gero, CTO, Security Technologies Group, Akamai. “They are storing their malware on domains that people don’t block, like Google Firebase and Dropbox. They are effectively laundering their malware through trusted SaaS providers. This means protection at the DNS layer, while critically important, is obviously not enough. You need content inspection too, and that’s where SWGs (Secure Web Gateways) come into play. It expands the protections from focusing on keeping end users away from dangerous areas on the Internet to accepting that EVERYWHERE can be dangerous, and thus scanning for viruses, performing sandboxing, etc. is a must.

“In a way, this is a confirmation of Zero Trust again, but in a different use case. In the past, we trusted users based on their location (inside the perimeter), but today we recognize that is bad and we need to verify each access based on identity, risk, and more. But we still often trust data based on its location (ex: It’s on Dropbox, and my company trusts Dropbox, so we’re good). But as we see, criminals are increasingly relying on this mistake of trusting content by location in order to get around enterprise protections. The important story here is that you shouldn’t trust users, content, or really anything based on where it’s coming from, but rather should always scan and verify.”
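Gero's point above, as an added example that is not from the article or from Akamai: a download served from a host on the trusted-SaaS list passes a DNS-layer (location-based) check, and only a content-inspection step catches it. The host names, the sample bytes and the "known-bad" hash are all constructed placeholders.

```python
import hashlib
from dataclasses import dataclass

# Constructed list of "trusted" SaaS hosts that a DNS-layer policy would never block
# (placeholder names standing in for the providers the article names).
TRUSTED_HOSTS = {"files.trusted-saas.example", "storage.trusted-cloud.example"}

# Constructed content-inspection signals: one "known-bad" hash and executable magic bytes.
SAMPLE_LURE = b"MZ\x90\x00" + b"CONSTRUCTED-SAMPLE-NOT-REAL-MALWARE"
KNOWN_BAD_SHA256 = {hashlib.sha256(SAMPLE_LURE).hexdigest()}
EXECUTABLE_MAGIC = {b"MZ": "pe", b"\x7fELF": "elf"}
EXECUTABLE_EXTENSIONS = (".exe", ".dll", ".scr", ".elf", ".so")

@dataclass(frozen=True)
class Download:
    host: str        # where the file was fetched from
    filename: str    # name the sender gave it
    content: bytes   # leading bytes of the body

def dns_layer_verdict(d: Download) -> str:
    """Location-based trust: allow anything served from a trusted host."""
    return "allow" if d.host in TRUSTED_HOSTS else "block:untrusted-host"

def content_layer_verdict(d: Download) -> str:
    """Content-based trust: inspect the bytes regardless of where they came from."""
    if hashlib.sha256(d.content).hexdigest() in KNOWN_BAD_SHA256:
        return "block:known-bad-hash"
    for magic, kind in EXECUTABLE_MAGIC.items():
        # Executable bytes behind a document-looking filename is a classic lure.
        if d.content.startswith(magic) and not d.filename.lower().endswith(EXECUTABLE_EXTENSIONS):
            return f"block:{kind}-executable-disguised-as-{d.filename.rsplit('.', 1)[-1]}"
    return "allow"

def gateway_verdict(d: Download) -> str:
    """SWG-style decision: content inspection runs even when the DNS layer allows."""
    dns = dns_layer_verdict(d)
    if dns != "allow":
        return dns
    return content_layer_verdict(d)

if __name__ == "__main__":
    lure = Download("files.trusted-saas.example", "Invoice_Q2.pdf", SAMPLE_LURE)
    print("dns layer:", dns_layer_verdict(lure))   # allow (trusted host)
    print("gateway  :", gateway_verdict(lure))     # block:known-bad-hash
```

A real gateway would also sandbox unknown files; the hash and magic-byte checks here only stand in for that inspection step.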

It comes down to knowledge. Businesses should familiarise themselves with the different kinds of cyber-threats and scams, and ensure that appropriate security measures are in place to protect their systems. Part of this includes training staff to identify potential cyber-threats, having clear processes for what to do in the event of a cyber-attack, and implementing information security protocols, such as two-factor authentication, that help keep your data secure.

Nobelium’s cyber-attack was almost successful because of its targeted, strategic nature, coupled with the fact that it was launched during a time of crisis, when people may be feeling insecure and thus let their guard down. That Microsoft was able to identify the attack and take immediate action to ward off its effects is a testament to the strength of its information security processes.

However, as previously discussed, the best defence against cyber-threats is a good offence. This means both educating yourself about the kinds of cyber risks you may be vulnerable to and taking active steps to strengthen your networks. Simple steps like two-factor authentication logins work well in warding off many potential risks and keeping your information safe. In a highly volatile time, this kind of dedication to strong information security is what can distinguish one business from the next.