Malwarebytes software suffered same attack as SolarWinds, remains safe - The UpStream

Hero Image

Malwarebytes software suffered same attack as SolarWinds, remains safe

posted Saturday Jan 23, 2021 by Scott Ertz

Malwarebytes software suffered same attack as SolarWinds, remains safe

Near the end of 2020, a massive hack was uncovered in the network management system, SolarWinds. The attack came from a Russian state-sponsored organization, named Cozy Bear, and was administered via a compromised update. Through this update process, Cozy Bear was about to distribute code allowing them backdoor access to the systems of those who installed it. We recognized at the time that the full implications of the attack were unknown, though we did learn some of the many companies and organizations affected. Malwarebytes was not one of those companies, but Microsoft was. However, Malwarebytes has announced that it was breached by Cozy Bear as well.

This newly discovered breach was not through Malwarebytes software, nor was it through SolarWinds, as the company does not use the software. However, it came in through elevated access to the company's Microsoft Office 365 account. They were alerted to the attack by Microsoft Security Response Center, who noticed an attack method that closely resembled the SolarWinds attacks.

The company has said that, since their systems were not directly compromised, their software is still "safe to use" but that their customer information may have been accessed. They said the attacker "only gained access to a limited subset of internal company emails" and they "found no evidence of unauthorized access or compromise in any of [its" class="UpStreamLink"> internal on-premises and production environments." The attack came through a dormant email protection product that was still in their Office 365 installation.

This is a good reminder that any software that you are no longer using should be considered for uninstallation. Dormant or inactive apps and tools can often be ignored for update, meaning that attack surfaces are not removed. This leaves systems vulnerable to outside attack. If the big security companies can get hit by this type of attack, so can you.


Login to CommentWhat You're Saying

Be the first to comment!

We're live now - Join us!



Forgot password? Recover here.
Not a member? Register now.
Blog Meets Brand Stats