5 Things To Know About Latest SolarWinds Hackers’ Attack: How Nobelium Leveraged Constant Contact In Phishing Campaign
Donna Goodison, Steven Burke
The latest attack by the Russian state-sponsored group known as Nobelium involved the Constant Contact email marketing service. Here are five things you need to know about what Microsoft is calling ‘Another Nobelium Cyberattack.’
Nobelium Spear Phishing Operations On The Rise
Microsoft security researchers warned that Nobelium’s spear phishing operations are “recurring and have increased in frequency and scope.”
What’s more, Microsoft said it is “anticipated that additional activity may be carried out by” Nobelium using an “evolving” set of tactics.
“Microsoft continues to monitor this threat actor’s evolving activities and will update as necessary. Microsoft 365 Defender delivers coordinated defense against this threat. Microsoft Defender for Office 365 detects the malicious emails, and Microsoft Defender for Endpoint detects the malware and malicious behaviors,” said the company. “Additionally, customers should follow defensive guidance and leverage advanced hunting to help mitigate variants of actor activity.”
Among the mitigations recommended by Microsoft is enabling “multifactor authentication (MFA) to mitigate compromised credentials.” In fact, Microsoft “strongly encourages all customers” to “download and use passwordless solutions like Microsoft Authenticator to secure accounts.”
In addition, Microsoft recommends turning on “cloud-delivered protection in Microsoft Defender Antivirus or the equivalent” so that antivirus products can cover “rapidly evolving attacks.”
Microsoft also recommends running endpoint detection and response (EDR) in block mode so that “Microsoft Defender for Endpoint can block malicious artifacts, even when your non-Microsoft antivirus doesn’t detect the threat or when Microsoft Defender Antivirus is running in passive mode.”
Also recommended: enabling network protection to “prevent applications or users from accessing malicious domains and other malicious content on the internet” and using device discovery to increase “visibility into your network by finding unmanaged devices on your network and onboarding them to Microsoft Defender for Endpoint.”
Microsoft also advises users to enable “investigation and remediation in full automated mode to allow Microsoft Defender for Endpoint to take immediate action on alerts” to resolve breaches.
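For readers who want to check whether an endpoint already matches the Defender Antivirus settings named above (cloud-delivered protection, network protection, and whether the antivirus is in passive mode), here is an added audit script. It is not from the article or from Microsoft’s guidance; it assumes a Windows host with the Defender PowerShell module (`Get-MpPreference`, `Get-MpComputerStatus`, `Set-MpPreference`) and an elevated session. EDR in block mode, device discovery, and automated investigation are tenant-level settings in the Microsoft Defender portal rather than local cmdlets, so the script only reports the local signal (passive mode) that makes EDR block mode relevant.

```powershell
# Added example (not the article's or Microsoft's code): audit a host against the
# Defender Antivirus recommendations quoted above. Run in an elevated PowerShell session.

$pref   = Get-MpPreference
$status = Get-MpComputerStatus

$findings = @()

# Cloud-delivered protection: MAPSReporting 0 = Disabled, 1 = Basic, 2 = Advanced.
if ($pref.MAPSReporting -eq 0) {
    $findings += "Cloud-delivered protection (MAPS) is disabled"
}

# Network protection: 0 = Disabled, 1 = Enabled (block), 2 = Audit mode.
if ($pref.EnableNetworkProtection -ne 1) {
    $findings += "Network protection is not in block mode (current value: $($pref.EnableNetworkProtection))"
}

# AMRunningMode shows whether Defender AV is the primary engine. 'Passive Mode' means a
# third-party AV is primary, which is the case where EDR in block mode matters most;
# 'EDR Block Mode' means the portal setting is already active on this host.
switch ($status.AMRunningMode) {
    'Passive Mode'   { $findings += "Defender AV is in passive mode; confirm EDR in block mode is enabled in the Defender portal" }
    'EDR Block Mode' { Write-Host "EDR in block mode is active on this host" }
}

if ($findings.Count -eq 0) {
    Write-Host "All checked settings match the recommendations"
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}

# Remediation for the two settings that can be changed locally (apply only after
# reviewing the change against your own policy; these lines are commented out).
# Set-MpPreference -MAPSReporting Advanced -SubmitSamplesConsent SendSafeSamples
# Set-MpPreference -EnableNetworkProtection Enabled
```

The script only reads settings unless the two commented `Set-MpPreference` lines are uncommented; keeping the audit and the change separate makes it safe to run fleet-wide (for example through a remote PowerShell session) before deciding which hosts need remediation.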