They’re smart. They’re dangerous. And they’re coming for your customers. No, we’re not being dramatic – Nobelium (a notorious cybercriminal group) really does pose a threat, and it’s greater than ever before.
The Russia-sponsored group of hackers has been described by Microsoft as ‘the most sophisticated in history’ – and for good reason. They were behind the SolarWinds cyberattacks in 2020, where they accessed emails in the U.S. Treasury, Justice and Commerce departments. And Microsoft have warned that Nobelium have recently discovered a new technique to attack corporate authentication, which Microsoft have named “MagicWeb”.
Right now, they could be targeting your customers. And Microsoft isn’t offering automatic refunds – so if your customers don’t have the right security measures in place, they will (quite literally) pay the price.
We can help you keep your customers safe. Our experienced team are ready to share all the ways we can support you, from walking through Microsoft access policies to explaining MFA in more detail. Contact us today so we can support you.
In the meantime, how can you keep them safe? Here are three tips from Westcoast Cloud.
Nobelium hackers are hunting for accounts without multi-factor authentication (MFA) – so a Zero Trust approach is essential. You need to enable MFA across the board, for all your customers and their end users.
It might seem like a lot of work to set up, but you won’t regret it. And most of the time, that extra layer of protection is free of charge for Microsoft users.
On the topic of MFA – emphasise the importance of strong passwords to your customers. They shouldn’t just choose any old thing, like ‘JoeBloggs’ or ‘password123’. Encourage them to choose a password that’s hard to guess and has a long character length. And most importantly, don’t set passwords to expire, as Microsoft now believes this makes end users more vulnerable to hackers.
Global admins have unlimited access to company systems and data – so naturally, these accounts are really appealing to Nobelium hackers. How can you help your customers overcome that danger? The answer is simple: restrict the number of privileged roles.
A good rule of thumb is to shoot for no more than three global admins within the customer Azure portal. There are over 100 other roles that you can assign to users – and you can create custom roles, too! Defaulting to global admin rights for everyone is a terrible – but totally avoidable – idea.
Building on our last point, privileged roles need to be looked after. If you’re assigning them, ask yourself: does this person really need a directory role? How long will they use it for?
Revising your customers’ conditional and least-privileged access policies will help tighten any loose ends. Check audit logs and sign-in logs, and flag accounts that might be compromised. Bear in mind that you’ve got a limited time to do that depending on the licensing: Azure AD Premium P1 and P2 customers can track back 30 days, whereas those with the free tier can only track back 7 days.
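The three tips above can be checked mechanically against an export of a customer tenant. The script below is an added example, not Westcoast Cloud's or Microsoft's code: the export format (`upn`, `mfa_registered`, and `roles` mapped to a `review_by` date) is hypothetical and the sample data is constructed.

```python
from datetime import date, timedelta

LOG_RETENTION_DAYS = {"free": 7, "p1": 30, "p2": 30}  # lookback figures from the article
MAX_GLOBAL_ADMINS = 3                                  # the article's rule of thumb
GLOBAL_ADMIN = "Global Administrator"

def log_window_start(licence, today):
    """Oldest date still covered by audit and sign-in logs for this licence tier."""
    return today - timedelta(days=LOG_RETENTION_DAYS[licence])

def audit_tenant(tenant, today):
    """Return (code, detail) findings for one exported customer tenant."""
    findings = []
    users = tenant["users"]
    admins = [u["upn"] for u in users if GLOBAL_ADMIN in u["roles"]]
    if len(admins) > MAX_GLOBAL_ADMINS:
        findings.append(("TOO_MANY_GLOBAL_ADMINS", ", ".join(sorted(admins))))
    for u in users:
        if not u["mfa_registered"]:
            code = "ADMIN_WITHOUT_MFA" if u["roles"] else "USER_WITHOUT_MFA"
            findings.append((code, u["upn"]))
        for role, review_by in u["roles"].items():
            # "How long will they use it for?": review_by is a hypothetical
            # field recording when the assignment is due to be re-justified.
            if review_by is None:
                findings.append(("ROLE_NO_REVIEW_DATE", f"{u['upn']}: {role}"))
            elif review_by < today:
                findings.append(("ROLE_REVIEW_OVERDUE", f"{u['upn']}: {role}"))
    # Anything older than this date can no longer be investigated from the logs.
    start = log_window_start(tenant["licence"], today)
    findings.append(("LOGS_AVAILABLE_FROM", start.isoformat()))
    return findings

# Constructed sample export; not real tenant data.
TODAY = date(2022, 9, 30)
LATER = date(2022, 12, 1)
SAMPLE = {"licence": "free", "users": [
    {"upn": "alice@example.test", "mfa_registered": True, "roles": {GLOBAL_ADMIN: LATER}},
    {"upn": "bob@example.test", "mfa_registered": True, "roles": {GLOBAL_ADMIN: None}},
    {"upn": "carol@example.test", "mfa_registered": False,
     "roles": {GLOBAL_ADMIN: date(2022, 8, 1)}},
    {"upn": "dave@example.test", "mfa_registered": True, "roles": {GLOBAL_ADMIN: LATER}},
    {"upn": "erin@example.test", "mfa_registered": False, "roles": {}},
    {"upn": "frank@example.test", "mfa_registered": True,
     "roles": {"Helpdesk Administrator": LATER}},
]}

if __name__ == "__main__":
    for code, detail in audit_tenant(SAMPLE, TODAY):
        print(f"{code:24} {detail}")
```

Running the audit when a tenant is onboarded, rather than after an alert, matters most for free-tier tenants, where the log window is only a week.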
All in all, the Nobelium threat sounds pretty frightening – and so it should. The need for strong cybersecurity isn’t new, and it’s not going anywhere either – especially with hybrid working here to stay. For that reason, security needs to be top-of-mind for everyone: CSPs like us, partners like you, and of course, your customers.
At Westcoast Cloud, we want to help you keep your customers safe. Our team can walk you through all the Microsoft access policies and explain MFA in more detail. If you want to check which end users are operating without MFA, we can help with that too.
We also offer sales and technical support. So, if you fancy selling the Microsoft Defender stack or any other security solutions, our team are on hand to help, every step of the way.
To learn more about protecting your customers from Nobelium, listen to our Cloud Talk podcast or drop us a line at Microsoft@wescoastcloud.co.uk.