Malwarebytes adds its name to the growing list of hacked cyber security organizations, and with it, a rallying cry.
Marcin Kleczynski, CEO of Malwarebytes, made a public announcement on January 19th via tweet that they were the latest identified victim of the SolarWinds hackers. They were in good company. Mimecast preceded them by days, as we reported last week, and Palo Alto Networks, Qualys, and Fidelis were also confirmed as targets during the same week.
Each hack has been traced back to the original SolarWinds hackers, but each was performed in a distinct way. In the case of Malwarebytes, their online notice reads in part, “While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor. We can confirm the existence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments.”
The notice goes on to assure Malwarebytes customers that their data was not the target of the attack and that only select internal emails were compromised. While such information may be a relief to its clientele, it is further evidence of a targeted strategy. What these threat actors are after and why remains unclear, but the picture it's painting leads experts to believe that they may have a plan that goes beyond mere run-of-the-mill espionage.
Similar to the global nuclear arms strategy—that is, the best way to deter a nuclear strike is to have access to the same technology—cyber espionage is practiced across the globe. For the United States, this truth hits a bit differently. America’s grid is open and vast, leaving it more vulnerable should a cyber war occur. Additionally, in America’s free market, private sector and third-party technology vendors create information silos, both intentionally and unintentionally, which muddies the waters when it comes to investigating cyber security incidents.
Malwarebytes and Mimecast have also made public calls toward a future of cyber security collaboration.
On the 19th, Malwarebytes released a call to collaborate which also included a public acknowledgement of the groups who aided in their investigation. It read in part, “While we have learned a lot of information in a relatively short period of time, there is much more yet to be discovered about this long and active campaign that has impacted so many high-profile targets. It is imperative that security companies continue to share information that can help the greater industry in times like these, particularly with such new and complex attacks often associated with nation state actors.
“We would like to thank the security community, particularly FireEye, CrowdStrike, and Microsoft for sharing so many details regarding this attack. In an already difficult year, security practitioners and incident responders responded to the call of duty and worked throughout the holiday season, including our own dedicated employees. The security industry is full of exceptional people who are tirelessly defending others, and today it is strikingly evident just how essential our work is moving forward.”
Just yesterday, Mimecast published a blog post that shared the sentiment: “Now more than ever, transparency and cooperation within the security community are essential to an effective response. We expect that additional organizations will learn or share that they were affected by the threat actor behind the SolarWinds Orion software compromise. We have benefited from the expertise shared by others facing this threat, and we are committed to doing the same, based on our own experience, to create a more secure and resilient community.”