
Cybersecurity and the Crypto World

Quote from Chester Wisniewski, Field CTO Applied Research, Sophos

“Attacking supply chains to gain access to highly valued targets through the side door is on the rise and unlikely to slow down any time soon. As organizations move to cloud-based services, these providers become natural targets for criminals, spies, and nation-state cyberwarriors. This phenomenon affects all sizes and sorts of organizations, as we have seen from the attacks on JumpCloud attributed to the DPRK, Microsoft by Storm-0558 (attributed to China), and SolarWinds by CozyBear (attributed to Russia). 
 
“This should be a wakeup call for both service providers and consumers of cloud-hosted services that have privileged access to sensitive information and authentication credentials. While North Korea might only be interested in cryptocurrency, the same cannot be said for other attackers like CLOP who have mechanized extortion by using zero-days against suppliers like MOVEit.

“Security Operations Center (SOC) analysts and managed detection and response (MDR) providers can no longer trust that cloud services are a ‘clean room’ and trusted, nor can they afford to ignore anomalous behavior from trusted devices and software. The days of adding trusted services to an allow list when they trigger a detection from XDR (Xtended Detection & Response) and endpoint security are over. Everything must be investigated and done quickly as the winners in the security race are those with the lowest time-to-detect and time-to-respond.”

-Chester Wisniewski, Field CTO Applied Research, Sophos
