And a little scary.
I've been marinating on this one for a couple of days, because it's such a big deal.
Using contractors and vendors to gain access to critical systems isn't an entirely new attack strategy. If you remember, Target was hacked via an HVAC contractor.
That was just a target of opportunity; what's new (and scary) is that this is a focused, multi-vector campaign that works to exploit, compromise, recon, control, and extract information by seizing control of as many servers as possible.
According to the article, the hackers are "looking to compromise the IT suppliers as a stepping stone to their customers' networks."
As always, I'm not judging or wagging a finger at anyone; we have to be right all the time, and they only have to get lucky once. But this should serve as a warning to IT services providers that their security is just as important as their customers'.
How do you stop this kind of attack in its tracks? A robust and holistic security infrastructure, including hardened web servers, mitigated vulnerabilities, firewalls, SIEM, endpoint protection (and backup! don't forget backup!), and...wait for it...an enforced segmentation strategy that doesn't allow recon like this to happen in the first place.
Have a great week!
"...the attackers were simply infecting all the machines they could throughout the organisations in order to find key targets."