Customer – INDIA NEWS (News Blog), http://www.indiavpn.org

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets
http://www.indiavpn.org/2024/03/09/microsoft-confirms-russian-hackers-stole-source-code-some-customer-secrets/
Published: Sat, 09 Mar 2024 07:10:26 +0000

Mar 09, 2024 | Newsroom | Cyber Attack / Threat Intelligence

Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024.

“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access,” the tech giant said.

“This has included access to some of the company’s source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised.”

Redmond, which is continuing to investigate the extent of the breach, said the Russian state-sponsored threat actor is attempting to leverage the different types of secrets it found, including those that were shared between customers and Microsoft in email.

It, however, did not disclose what these secrets were or the scale of the compromise, although it said it has directly reached out to impacted customers. It’s not clear what source code was accessed.

Stating that it has increased its security investments, Microsoft further noted that the adversary ramped up its password spray attacks by as much as 10-fold in February, compared to the “already large volume” observed in January.

“Midnight Blizzard’s ongoing attack is characterized by a sustained, significant commitment of the threat actor’s resources, coordination, and focus,” it said.

“It may be using the information it has obtained to accumulate a picture of areas to attack and enhance its ability to do so. This reflects what has become more broadly an unprecedented global threat landscape, especially in terms of sophisticated nation-state attacks.”

The Microsoft breach is said to have taken place in November 2023, with Midnight Blizzard employing a password spray attack to successfully infiltrate a legacy, non-production test tenant account that did not have multi-factor authentication (MFA) enabled.

The tech giant, in late January, revealed that APT29 had targeted other organizations by taking advantage of a diverse set of initial access methods ranging from stolen credentials to supply chain attacks.

Midnight Blizzard is considered part of Russia’s Foreign Intelligence Service (SVR). Active since at least 2008, the threat actor is one of the most prolific and sophisticated hacking groups, compromising high-profile targets such as SolarWinds.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.



Building Your Privacy-Compliant Customer Data Platform (CDP) with First-Party Data
http://www.indiavpn.org/2024/02/28/building-your-privacy-compliant-customer-data-platform-cdp-with-first-party-data/
Published: Wed, 28 Feb 2024 12:34:16 +0000

Feb 28, 2024 | The Hacker News | Webinar / Privacy

In today’s digital era, data privacy isn’t just a concern; it’s a consumer demand. Businesses are grappling with the dual challenge of leveraging customer data for personalized experiences while navigating a maze of privacy regulations. The answer? A privacy-compliant Customer Data Platform (CDP).

Join us for a transformative webinar where we unveil Twilio Segment’s state-of-the-art CDP. Discover how it champions compliant and consented data use, empowering you to craft a holistic customer view and revolutionize engagement strategies.

What Will You Learn?

  • Strategies for ethically democratizing data across your organization.
  • The power of first-party data in unlocking profound customer insights.
  • The pivotal role of a CDP in fostering compliant and consented data utilization.
  • Proven customer engagement methodologies from industry leaders.

Why Should You Attend?

Twilio Segment’s State of Personalization Report reveals a compelling truth: 63% of consumers welcome personalization, provided it stems from directly shared data.

However, the phasing out of third-party cookies, the advent of privacy-centric browsers, and stringent regulations like GDPR have left businesses pondering how to personalize effectively within a privacy-first framework.

Don’t Miss Out!

In an age where data privacy and compliance are not just buzzwords but imperatives, mastering the ethical management of customer data is crucial for businesses striving for excellence.

Circle your calendar for “Building Your Privacy-Compliant Customer Data Platform (CDP) with First-Party Data.” Secure your spot now for an enlightening session you can’t afford to miss!

This article is a contributed piece from one of our valued partners.
How a $10B Enterprise Customer Drastically Increased their SaaS Security Posture with 201% ROI by Using SSPM
http://www.indiavpn.org/2024/02/06/how-a-10b-enterprise-customer-drastically-increased-their-saas-security-posture-with-201-roi-by-using-sspm/
Published: Tue, 06 Feb 2024 11:41:26 +0000

SaaS applications are the darlings of the software world. They enable work from anywhere, facilitate collaboration, and offer a cost-effective alternative to owning the software outright. At the same time, the very features that make SaaS apps so embraced – access from anywhere and collaboration – can also be exploited by threat actors.

Recently, Adaptive Shield commissioned a Total Economic Impact™ (TEI) study conducted by Forrester Consulting. The study demonstrates the impactful ROI achieved by a multimedia company with an annual revenue of $10 billion. While the quantitative ROI is significant, at 201%, the qualitative security ROI improvements were substantial.

Figure 1: Summary of the TEI Study

In this article, we’ll examine the study’s findings of how Adaptive Shield’s SaaS Security Posture Management (SSPM) platform impacted this global enterprise.

The Organization’s Top SaaS Challenges

In interviews with Forrester Consulting, the organization being studied pointed out several key challenges that they were facing in their SaaS stack leading up to 2022.

  1. The organization acknowledged that they lacked the knowledge and skill to manage the applications. They didn’t understand many of the unique configurations or the impact they had on security or compliance, which left them unaware of the risks or mitigations that needed to happen.
  2. The organization had experienced an increase in SaaS adoption across IT, HR, sales, marketing, and other departments. They recognized that sensitive assets and valuable data were moving into SaaS applications and being spread out in a way that the security team could no longer supervise all its comings and goings. In addition, they needed to foster collaboration between the app owners, who control the applications, and security teams that are tasked with securing them.
  3. They were also dealing with increased complexity caused by their Merger & Acquisition (M&A) activity. Each M&A increased the number of applications that they needed to manage, many of which were geographically-distributed tenants that could not be easily combined with existing tenants of the app.

The organization began looking for a solution that could alleviate the SaaS misconfigurations that they were dealing with at scale. They needed a platform that would integrate with multiple business applications, mitigate communication issues between the app owners and security teams, and help them maintain regulatory compliance in their SaaS stack.

They were impressed with Adaptive Shield’s platform, which not only demonstrated the widest coverage of supported applications but also found configuration issues during the proof-of-concept phase. In 2022, Adaptive Shield was selected and deployed to secure the organization’s stack.

Security Benefits Adaptive Shield Introduced to the Organization

Forrester Consulting found that Adaptive Shield enabled the security team to “gain complete control and increased visibility of the security posture of all business-critical applications.”

Increased SaaS Security Posture

The security team had dealt with six security issues stemming from misconfigurations and low-security posture in the past. However, the organization saw posture improvements beginning with the POC. They “realized substantial improvement in its security posture score through visibility, remediation guidance, and ongoing monitoring” while experiencing a 30% increase in posture.

Improved Collaboration

Forrester Consulting also found evidence of increased collaboration between security teams and app owners. They noted that business owners are critical players in securing applications, as they have “the key to the kingdom,” but they lacked the security expertise needed to secure their ecosystem. Deploying Adaptive Shield helped bridge that gap and foster collaboration between the app owners and security teams.

Many Other Security Benefits

While some security benefits were quantifiable by the Forrester Consulting team, they were unable to place a dollar value on everything offered by Adaptive Shield. For example, Forrester Consulting found that the automated processes within the Adaptive Shield platform allowed security teams to focus on security management rather than conduct interviews with app owners about their configurations. It also helped the organization overcome challenges introduced by the democratization of SaaS security. It helped the organization achieve continuous compliance, avoiding any interruptions to business operations, and staying ahead of any SaaS security trends.

Why Economic Benefits Indicated a 201% ROI

The Total Economic Impact™ study measured the return on investment experienced by the organization that was interviewed. To quantify these findings, Forrester Consulting first calculated the value of an improved SaaS Security posture. They factored in the number of breaches that had taken place before Adaptive Shield was deployed and projected the number of breaches over three years. Their calculations included diminished productivity, impacted business and security users, and salary data. Their three-year present value estimate of an improved SaaS Security posture was $1.49M.

Figure 2: Breakdown of ROI by Category

Next, Forrester Consulting reviewed operational efficiency achieved through the Adaptive Shield’s SSPM platform. They factored in the number of applications being monitored, hourly wages, and the cost of securing SaaS applications with and without an automated solution. Their estimated three-year present value of savings was $397K.

Forrester Consulting then turned its attention to compliance. They calculated improvements in efficiency based on the time it takes organizations to review their applications and ensure compliance with the different standards. Their three-year present value was worth $260K.

Improved collaboration between security teams and business app owners added another 32K in savings over three years at present value. While the study noted other areas of ROI, it wasn’t able to quantify them.

The total benefits over three years (at present value) came to $2.18M. The total licensing and deployment costs over those three years, at present value, were $723,866. Payback was reached in less than six months, and the ROI over the three-year time frame was 201%.

A Push Toward SaaS Security

Today, organizations are increasing the volume and value of data stored in the cloud. Modern SaaS apps contain highly sensitive data, including PII, intellectual property, and third-party confidential information. Protecting this data is paramount, and the only realistic way to secure it is through a SaaS Security Posture Management (SSPM) tool.

Organizations understand the need to secure their SaaS stack. At the same time, they need to justify the cost of adding new security tools. By demonstrating significant, measurable ROI, organizations can finally make the case for implementing an SSPM solution.

Note: This article has been expertly written by Maor Bin, CEO and co-founder of Adaptive Shield.

MongoDB Suffers Security Breach, Exposing Customer Data
http://www.indiavpn.org/2023/12/25/mongodb-suffers-security-breach-exposing-customer-data/
Published: Mon, 25 Dec 2023 17:44:24 +0000

Dec 17, 2023 | Newsroom | Cyber Attack / Data Security

MongoDB on Saturday disclosed it’s actively investigating a security incident that has led to unauthorized access to “certain” corporate systems, resulting in the exposure of customer account metadata and contact information.

The American database software company said it first detected anomalous activity on December 13, 2023, and that it immediately activated its incident response efforts.

It further noted that “this unauthorized access has been going on for some period of time before discovery,” but emphasized it’s not “aware of any exposure to the data that customers store in MongoDB Atlas.” It did not disclose the exact time period of the compromise.

In light of the breach, MongoDB recommends that all customers be on the lookout for social engineering and phishing attacks, enforce phishing-resistant multi-factor authentication (MFA), as well as rotate their MongoDB Atlas passwords.

That’s not all. The company said it’s also experiencing elevated login attempts that are causing issues for customers attempting to log in to Atlas and its Support Portal. It, however, said the problem is unrelated to the security event, and that it was resolved as of December 16, 10:22 p.m. ET.

When reached for comment, MongoDB told The Hacker News that the incident is a matter of ongoing investigation and that it will “provide updates as soon as we can.”

Update (as of December 17, 9:00 p.m. ET)

In a follow-up statement shared with the publication, the company said it found no evidence of unauthorized access to MongoDB Atlas clusters –

To be clear, we have not identified any security vulnerability in any MongoDB product as a result of this incident. It is important to note that MongoDB Atlas cluster access is authenticated via a separate system from MongoDB corporate systems, and we have found no evidence that the Atlas cluster authentication system has been compromised.

We are aware of unauthorized access to some corporate systems that contain customer names, phone numbers, and email addresses among other customer account metadata, including system logs for one customer. We have notified the affected customer. At this time, we have found no evidence that any other customers’ system logs were accessed.

We are continuing with our investigation, and are working with relevant authorities and forensic firms.

Update (as of December 18, 9:00 p.m. ET)

MongoDB, in an update to its advisory, said it was a victim of a phishing attack and that the malicious actor used Mullvad VPN to conceal their origins. It listed a total of 15 IP addresses from which the activity originated.

However, the company has yet to disclose when the attack took place, which systems were accessed, and how many customers’ information may be affected by the breach of its corporate systems.

Update (as of December 20, 9:00 p.m. ET)

In a follow-up revision to its advisory, MongoDB said that the phishing attack allowed the unauthorized third party to gain access to some of the corporate applications used to provide support services to MongoDB customers. It also shared the contact information and related account metadata that were accessed from the compromised apps.
