Are you still keeping tabs on the SolarWinds attack? Antimalware giants Malwarebytes are the latest major tech company to announce that the SolarWinds attackers breached their network.
However, in a turn of events, Malwarebytes believes that the attacker accessed their network using Microsoft 365 email protection, rather than the SolarWinds Orion software implicated in most other breaches relating to the attack.
Here's what Malwarebytes is saying about SolarWinds.
Malwarebytes Caught Up in SolarWinds Attack
In a post on the official Malwarebytes blog, the cybersecurity company confirmed that the "nation state attack leveraging software from SolarWinds has caused a ripple effect throughout the security industry."
Caught in the ripple is Malwarebytes. Even though they do not use SolarWinds, the attacker targeted Malwarebytes using an alternative attack vector, abusing "applications with privileged access to Microsoft Office 365 and Azure environments."
On 15 December, the Microsoft Security Response Center flagged suspicious activity originating from a dormant part of Malwarebytes' Office 365 environment. Specifically, the attackers exploited a dormant email protection product.
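One defensive check the attack vector above suggests, written as an added example for this article rather than anything Malwarebytes or Microsoft published: flag tenant applications (service principals) that hold mailbox-wide application permissions but have shown no activity for months, since a forgotten product with that kind of access is exactly what was abused here. The export shape, application names and activity dates below are constructed; the permission names are real Microsoft Graph and Exchange Online application permissions, and the dormancy threshold is an assumption.

```python
from datetime import date

# Application permissions that grant access to every mailbox in the tenant,
# independent of any signed-in user (Microsoft Graph and Exchange Online names).
HIGH_PRIVILEGE_MAIL_PERMISSIONS = {
    "Mail.Read", "Mail.ReadWrite", "Mail.ReadBasic.All", "full_access_as_app",
}

# Constructed sample export (not a real tenant). The field names are this
# example's own simplified shape, not Microsoft Graph's schema.
SAMPLE_APPS = [
    {"name": "Mail archiving connector", "app_permissions": ["Mail.Read"],
     "last_activity": "2020-07-02", "credentials": 1},
    {"name": "Legacy email protection", "app_permissions": ["full_access_as_app"],
     "last_activity": "2019-11-20", "credentials": 2},
    {"name": "Calendar sync", "app_permissions": ["Calendars.Read"],
     "last_activity": "2020-12-10", "credentials": 1},
    {"name": "Ticketing mail bot", "app_permissions": ["Mail.ReadWrite"],
     "last_activity": "2020-12-14", "credentials": 1},
]


def dormant_privileged_apps(apps, as_of, dormant_days=90):
    """Return apps that hold mailbox-wide permissions and have had no activity
    for at least `dormant_days` days, longest-idle first. Each finding keeps
    the count of still-valid credentials: those are what an attacker would use,
    so removing them (or the app) is the mitigation."""
    findings = []
    for app in apps:
        risky = sorted(set(app["app_permissions"]) & HIGH_PRIVILEGE_MAIL_PERMISSIONS)
        if not risky:
            continue  # no mailbox-wide access, out of scope for this check
        idle = (as_of - date.fromisoformat(app["last_activity"])).days
        if idle >= dormant_days:
            findings.append({"name": app["name"], "permissions": risky,
                             "idle_days": idle, "credentials": app["credentials"]})
    return sorted(findings, key=lambda f: f["idle_days"], reverse=True)


if __name__ == "__main__":
    # Review date chosen to match the 15 December detection mentioned above.
    for f in dormant_privileged_apps(SAMPLE_APPS, date(2020, 12, 15)):
        print(f"{f['name']}: {', '.join(f['permissions'])}, idle {f['idle_days']} days, "
              f"{f['credentials']} credential(s) still valid")
```

In a real tenant the input would come from an export of service principals, their granted app roles and their sign-in activity; the same rule then applies unchanged.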
Malwarebytes was keen to stress that none of its consumer-facing products were affected and that the attackers gained access to a very limited amount of internal email data. Malwarebytes products remain safe.
"After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails. We found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments."
Still, as the attack techniques and timeframe were consistent with the SolarWinds attack, Malwarebytes immediately activated its incident team along with Microsoft's Detection and Response Team (DART).
The SolarWinds Victim Count Continues Rising
As a recent CISA post states, SolarWinds was just one attack vector in this enormous campaign. The threat actor combined multiple exploits and attack vectors to compromise numerous high-profile targets, including several US government agencies, Microsoft, and other high-profile tech companies.
It isn't over yet, either. Although Malwarebytes was alerted to a possible intrusion in December 2020, confirmation took over a month.
Nor should we forget that the first sign of the SolarWinds attack came in early December 2020, when leading cybersecurity firm FireEye was hit by a nation-state attack now presumed to be part of the SolarWinds campaign.
Microsoft recently issued security patches to resolve some aspects of the SolarWinds attack as part of its January 2021 Patch Tuesday. The fixes included patches for a zero-day vulnerability under active exploitation, as well as over 80 other patches for vulnerabilities.
The patches followed a series of Windows Defender updates aimed at blocking and disrupting the malware families at the root of the SolarWinds attack. While this was a positive step, several more malware types linked to the attack have since been revealed, illustrating just how sophisticated it was.