Bose Work Remote Promo
Bose Work Remote Mobile Promo
Take Our Survey on Your IoT/Collaboration Plans & You Could Win a 60" 4K UHD Display!
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

My TechDecisions

  • COVID-19 Update
  • Best of Tech Decisions
  • Topics
    • Video
    • Audio
    • Mobility
    • Unified Communications
    • IT Infrastructure
    • Network Security
    • Physical Security
    • Facility
    • Compliance
  • RFP Resources
  • Downloads
  • Podcasts
  • Subscribe
  • Project of the Week
  • About Us
    SEARCH
IT Infrastructure, Network Security, News

Malwarebytes CEO Says SolarWinds Attackers Accessed Internal Company Emails

Anti-malware software company Malwarebytes says SolarWinds attackers gained access to some internal company emails via Microsoft applications.

January 21, 2021 Zachary Comeau Leave a Comment

Malwarebytes SolarWinds

Anti-malware software company Malwarebytes company itself is a victim of the SolarWinds attack, the company announced this week.

In a blog, CEO Marcin Kleczynski said the company has evidence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments.

Attackers gained access to a limited subset of internal company emails, but further investigation didn’t turn up evidence of further unauthorized access or compromise in any of the company’s internal on-premises and production environments.

Today, I disclosed publicly that @Malwarebytes had been targeted by the same nation state actor that attacked SolarWinds. This attack is much broader than SolarWinds and I expect more companies will come forward soon.

— Marcin Kleczynski (@mkleczynski) January 19, 2021

I should have linked to the actual blog post. My apologies everyone. More details here:https://t.co/RudTCa5UCt

— Marcin Kleczynski (@mkleczynski) January 19, 2021

According to Kleczynski, the company was notified by Microsoft on Dec. 15 about suspicious activity from a third-party application in its Microsoft Office 365 tenant that resembled activity known to be associated with the group behind the SolarWinds compromise.

Attackers were able to compromise a March 2020 update of the SolarWinds Orion IT management platform that essentially gave the group – believed to be backed by the Russian government – access into nearly 18,000 customer networks.

High-profile government agencies and technology companies have reported evidence of a further breach by the same group.

Read Next: Symantec Discovers Fourth Malware Strain Used in SolarWinds Attack

Along with Microsoft security personnel, Malwarebytes investigated its cloud and on-premises environments for activity and found that attackers leveraged a dormant email protection product within its Office 365 tenant that allowed access to some internal company emails.

Fearing the company’s products were being leveraged by the attackers, the company investigated its source code, build and delivery processes and even reverse engineered its own software, but found no evidence of compromise.

“Our software remains safe,” Kleczynski wrote.

He also describes how threat actors are obtaining initial access by password guessing or spraying in addition to exploiting administrative or service credentials.

Part of his post speaks to a larger concern among cybersecurity experts: that what we have learned so far about this attack is just the tip of the iceberg.

“It is imperative that security companies continue to share information that can help the greater industry in times like these, particularly with such new and complex attacks often associated with nation state actors,” Kleczynski wrote.

Tagged With: Cybersecurity, Malware, Malwarebytes, SolarWinds

Related Content:

  • hybrid work endpoints Study: Security, Scalability Top Concerns of Remote Work
  • Crestron 70 Series Scheduling Panels Microsoft Teams Microsoft Teams Panels Now Generally Available
  • delivery robots Delivery Robots are Coming To Campuses
  • IBM Siemens Red hat Hybrid Cloud IBM, Siemens, Red Hat Collaborate On Hybrid Cloud…

Free downloadable guide you may like:

  • Introducing the IT Pro MBA: Vetting Technology

    At some point in your career there is going to come a time when you are tasked with reviewing and vetting new tech to implement into your company. Sometimes the hardest part of the whole thing is just getting started. In this new series from My TechDecisions, the IT Pro MBA: Vetting Technology guide deep-dives […]

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Introducing the IT Pro MBA: Vetting Technology

At some point in your career there is going to come a time when you are tasked with reviewing and vetting new tech to implement into your company. ...

9 Technology Products to Help Combat COVID-19 Spread in the Workplace

As the Coronavirus continues on and leads us further into uncertainty, the question remains, “when do we return to the office?” For some the answer...

Top 9 Reasons Enterprise IT Leaders Are Moving Their Video Surveillance to the Eagle Eye Cloud

Working in IT has enough challenges without adding in the complications of surveillance video. Things like total cost of maintenance, how the VMA m...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

Footer

TechDecisions

  • Home
  • Welcome to TechDecisions
  • Subscribe to the Newsletter
  • Contact Us
  • Media Solutions & Advertising
  • Comment Guidelines
  • RSS Feeds
  • Terms of Use
  • Privacy Policy
  • Twitter
  • Facebook
  • Linkedin

Free Technology Guides

FREE Downloadable resources from TechDecisions provide timely insight into the issues that IT, A/V, and Security end-users, managers, and decision makers are facing in commercial, corporate, education, institutional, and other vertical markets

View all Guides
TD Project of the Week

Get your latest project featured on TechDecisions Project of the Week. Submit your work once and it will be eligible for all upcoming weeks.

Enter Today!

© 2021 Emerald X, LLC. All rights reserved.