https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

Security


Shutterstock

Data Theft Hacker

SolarWinds Cyberattack Likely Affected Thousands Worldwide

  • Written by Edward Gately
  • December 16, 2020
The hackers inserted malicious code into SolarWinds' Orion software updates.

… the attack for them.

Matt Walmsley is Vectra AI‘s head of EMEA marketing.

“As organizations increasingly become hybrid cloud environments, we’ve seen attackers focus on privileged access and the use of legitimate tools for malicious actions,” he said. “For example, in a recent study of 4 million Microsoft 365 accounts, we identified that 96% of organizations exhibited lateral movement behaviors including multifactor authentication (MFA), and embedded security controls that are being bypassed. A threat actor can then, with a few clicks, reconfigure email rules, compromise SharePoint and OneDrive file stores, and set up persistent reconnaissance and exfiltration capabilities using built-in M365 tools such as eDiscovery and Power Automate.”

Opportunities for More Attacks

Opportunities for these type of attacks are massive and growing, Walmsley said.

Vectra AI's Matt Walmsley

Vectra AI’s Matt Walmsley

“It highlights the need for security teams to be able to tie together all host and account interactions as they move between cloud and on-premises environments in a consolidated view,” he said. “Security teams also need to drastically reduce the overall risk of a breach by gaining instant visibility and understanding of who and what is accessing data or changing configurations, regardless of how they are doing it, and from where.”

Hank Schless is Lookout‘s senior manager of security solutions.

“Cyber espionage campaigns can target both the public and private sector, as proven by this attack,” he said. “Adversarial nation-states have recognized the value in targeting both sectors, which means neither is safe from the types of attacks that have government resources behind them. Attackers will continue to get more creative with their campaigns as cybersecurity protections get more advanced.”

Infecting legitimate software updates can be an effective way to covertly inject malware into many organizations, Schless said.

Lookout's Hank Schless

Lookout’s Hank Schless

“In order to avoid this type of attack, it’s key to have visibility into all internal and third-party software in your infrastructure,” he said. “Your host infrastructure, mobile devices and computers all represent potential access points for threat actors. You need to know where software vulnerabilities exist across your infrastructure.”

More High-Profile Attacks Expected

Lior Div is Cybereason‘s CEO. He said there likely will be more high-profile attacks targeting the U.S. government, cybersecurity providers and their customers.

All high-value targets should be on alert, he said. In addition, they should initiate threat hunting and compromise assessments.

“SolarWinds has a stellar reputation,” Div said. “It looks like their software was signed with a valid Symantec certificate on a normal SolarWinds Orion update. No hygiene in the world would prevent that. The only solution is a robust, behavioral, post-breach mindset. After a certain point, effective detection matters more.”

  • Page 1
  • Page 2
  • Page 3
Tags: MSPs Best Practices Channel Research Mobility Networking RMM/PSA Security Specialty Practices Technologies

Related


  • VDI
    TA Associates to Acquire Virtual Desktop OS Provider IGEL
    Microsoft and HP veteran Bill Veghte will become IGEL’s executive chairman.
  • Automation
    Juniper Networks Rolls Out Paragon Automation for 5G, Multicloud
    The portfolio simplifies user experiences for complex 5G and multicloud services.
  • Cloud security
    IT Facing Major Security Issues, But Cloud Security May Be Most Immense
    A number of reports point to security problems within client environments, but cloud could be the biggest.
  • Technical Know-How
    Companies Seek IT Security Resellers with Technical Know-How
    Providers can offer managed services to fill customers' cyber-defense needs.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Diversity and Inclusion Survey Results Point to a Still-Growing Channel
  • Channel Survey: Sales and Marketing, Analytics Are Significant Challenges
  • How SolarWinds' Massive Hack Upended Cybersecurity
  • Florida Water Supply Hack Chilling Reminder of Infrastructure Vulnerability

Galleries

View all

Threat Protection Vendors: Why MSSPs Have to Ramp Up Efforts Right Now

February 23, 2021

Industry Perspectives

View all

SASE: The Key to Mitigating Business Transformation Risk

February 22, 2021

Public Sector IT Funding Outlook for 2021–and What It Means for Our Reseller Partners

February 18, 2021

MSPs: Grow the Business with Marketing (While Focusing on What You Do Best)

February 17, 2021

Webinars

View all

XDR and Why it Matters to MSPs

March 24, 2021

Top Security Trends Impacting Technology Security Providers In 2021

March 25, 2021

In Case of Emergency: The Importance of Proactive Critical Event Management

February 23, 2021
  • 1

White Papers

View all

Kaspersky Endpoint Detection and Response Optimum

February 19, 2021

Product Brief: Kaseya VSA Integrated Workflows with BMS and IT Glue

January 26, 2021

Why Subscription Business Model

January 15, 2021

Upcoming Events

View all

Channel Partners Virtual

March 2, 2021 - March 4, 2021

Channel Partners Conference & Expo

November 1, 2021 - November 4, 2021

Videos and Fastchats

View all

FASTCHAT: How SOAR Eliminates Security Challenges and Elevates Service Provider Revenues

January 6, 2021

Happy Holidays from Channel Partners & Channel Futures!

December 21, 2020

FASTCHAT: How Old, Unpatched Technologies Are Creating New Security Threats for MSPs and Their Customers

December 3, 2020

Twitter

ChannelFutures

.@AteraCloud receives $25 million investment to help more #MSPs, IT pros. dlvr.it/RtPbBG https://t.co/UxHqhrUKgx

February 24, 2021
ChannelFutures

.@Infoblox rolls out new #Cloud Specialization program to increase partners' #SaaS sales. dlvr.it/RtPb7f https://t.co/CmZTwYiv1u

February 24, 2021
ChannelFutures

RT @Channel_Expo: ⏱️ Time is ticking to save on your pass to #CPVirtual next week...View all pass options and secure your virtual seat by F…

February 24, 2021
ChannelFutures

The new @Commvault #EMEA channel exec will focus attention on alliances, cloud and simplifying and expanding partne… twitter.com/i/web/status/1…

February 24, 2021
ChannelFutures

#NYC #MSP @Electric_AI receives $40 million in C-Series investment from VC firm @GreenspringVC.… twitter.com/i/web/status/1…

February 24, 2021
ChannelFutures

.@rev_io_hq says the #backoffice grows in importance as more people work from home. dlvr.it/RtNLjd https://t.co/YZEVnm3KVk

February 24, 2021
ChannelFutures

.@KaseyaCorp acquires @rocketcyber, beefs up #cybersecurity for MSPs. dlvr.it/RtLQQ7 https://t.co/GXkDVhoNw5

February 23, 2021
ChannelFutures

Continuing #digitaltransformation for partners helps unlock #aaS and sales, says @GeorgeHope216.… twitter.com/i/web/status/1…

February 23, 2021

MSSP Insider

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Online
  • Channel Partners Events
  • MSP 501
  • MSSP Insider
  • IoT World Today
  • Webhostingtalk

WORKING WITH US

  • Contact
  • About us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X