The attack vector was an email-protection application for Microsoft 365.
A new big name has is added to the already long list of SolarWinds attack’s collateral victims: Malwarebytes.
In a recent statement, the company recognized that “while Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor.”
The attack methods get more advanced, while multiple companies are used as backdoors.
There are clues that indicate that the series of attacks began last spring with a corrupted software update that delivered the Sunburst backdoor to about 18.000 organizations. After that, specific targets were chosen to be infiltrated further. Thankfully, Malwarebytes noted that “we found no evidence of unauthorized access or compromise in any of our internal on-premises and production environments….We do not use Azure cloud services in our production environments.” “A thorough investigation of all Malwarebytes source code, build and delivery processes showed no evidence of unauthorized access or compromise”, they added.
Check the source.
- Massive $59M Facebook Phishing Campaign Steals Nearly 400M CredentialsThreat actors have managed to net a staggering $59 million and steal hundreds of millions of credentials in a […]
- Human Error is a Top Security Risk in 2022, New Report ShowsA new report from Verizon warns about the human error as being one of the most frequent causes of […]
- Paying The Ransom – An Open Invitation For A Second Attack, 2022 Report WarnsWhether the unlucky victim of a ransomware attack ends up paying the ransom or not, they are still susceptible […]
- FBI: Business Email Compromise – a $43B ScamA new FBI report warns of a staggering spike in hacking activities using the Business Email Compromise technique (BEC), […]
- NVIDIA Confirms Employee Credentials And Proprietary Data Stolen During CyberattackNVIDIA confirmed the Lapsus$ cyberattack and the data leak that followed, saying it first became aware of the security […]