Malwarebytes Hit by SolarWinds Hackers

Author: Melodie Foster

Date: 21st January 2021

Malwarebytes, the antivirus firm, has been hacked by the SolarWinds attackers. It had been discovered that they’d been attacked during a Microsoft audit of Office 365 Azure infrastructure following detection of suspicious activity that was originating from a dormant Office 365 security app.

Malwarebytes said about the attack, “a newly released CISA report reveals how threat actors may have obtained initial access by password guessing or password spraying in addition to exploiting administrative or service credentials.”

Malwarebytes pointed out that the breach was not directly related to the SolarWinds attacks because Malwarebytes does not use any SolarWinds software in its internal IT structure. Furthermore, after an investigation of all Malwarebyte’s source code, build and delivery processes, it showed that there was no evidence of any compromise or unauthorised access.

The CEO of Malwarebytes wrote in a blogpost, “we received information from the Microsoft Security Response Center on December 15 about suspicious activity from a third-party application in our Microsoft Office 365 tenant consistent with the tactics, techniques and procedures of the same advanced threat actor involved in the SolarWinds attacks.”[1][2]

[1] https://www.techradar.com/news/malwarebytes-says-it-was-hit-by-solarwinds-hackers

[2] https://threatpost.com/malwarebytes-solarwinds-attackers/163190/

Other resources

Cyberfort Colocation Services

Cyberfort has invested heavily in secure infrastructure, making us the perfect colocation service provider to host your mission-critical, sensitive and regulated data.
Find out more >

What can Cyberfort do for you?

Check out our factsheets for detailed information on the matrix of cybersecurity products and services we offer to protect your business.
Find out more >

Cyberfort Deep Dives

Cyberfort’s cybersecurity consultants explore issues in cyber threat intelligence, incident planning and data security. Read our whitepapers to help make decisions that benefit your business.
Find out more >

Cookie Name	Expiration Time	Description
_ga	2 years	Used to distinguish users.
_gid	24 hours	Used to distinguish users.
_gat	1 minute	Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>.

_gac_<property-id>	90 days	Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out.
__hstc	13 months	The main cookie for tracking visitors.
hubspotutk	13 months	This cookie keeps track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts.
__hssc	30 minutes	This cookie keeps track of sessions.
__hssrc	End of session	Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser.

Malwarebytes Hit by SolarWinds Hackers

Author: Melodie Foster

Date: 21st January 2021

Other resources

Cyberfort Colocation Services

What can Cyberfort do for you?

Cyberfort Deep Dives

Recent Posts

Recent Comments

Archives

Categories

Meta