Comment - Microsoft: Solarwinds hackers targetting CSPs & MSPs
October 2021 by Joseph Carson, Chief Security Scientist at ThycoticCentrify
Following the news that Microsoft has announced that the same Russia-backed hackers responsible for the SolarWinds breach this year are continuing to attack the global supply chain and are now targeting cloud service resellers and other companies, the comment from Joseph Carson, Chief Security Scientist at ThycoticCentrify:
Cybercriminals continue to look for ways to gain access to victims networks and a favorite technique is to gain access to compromised privileged accounts – often referred to as the keys to the kingdom. However, since many organizations in the past few years have outsourced using Cloud Service Providers (CSPs) and Managed Service Providers (MSPs), attackers are looking to gain access to the one key (privileged account) that rules them all and that is a CSP or MSP privileged account with access to their customers through privilege delegation. Why hack into many companies when you can target one that can give you access to many? This recent news is a reminder that CSPs and MSPs must move to using non-persistent privileges or on-demand privileges using solutions such as Privileged Access Management.