Varonis announces strategic partnership with Microsoft to accelerate the secure adoption of Copilot.

Learn more
Blog Data Security

Threat Update 36 – A Supply Chain Attack By Any Other Name

Kilian and Ryan look at a supply chain attack that silently stole cloud credentials for several months before detection.
Kilian Englert
1 min read
Last updated January 17, 2023

Contents

    The SolarWinds supply chain attack was seen as a wake-up call for many in business, IT, and security. Both attackers & defenders took notice of the attack’s effectiveness, and created a hyper-awareness around future supply chain attacks – attackers looking for new ways to inject themselves, and defenders scrutinizing the tools and processes their organizations employ.

    Join Kilian Englert and Ryan O’Boyle from the Varonis Incident Response team as they look at a supply chain attack that silently stole cloud credentials for several months before detection. Ryan and Kilian also provide some tips on ways organizations can help identify potential issues resulting from a cloud-focused supply chain attack.

     

    Articles referenced in this video:

    Backdoored developer tool that stole credentials escaped notice for 3 months

    To learn how else we can help, please visit us at:https://www.varonis.com/support

    Varonis customers also get access to great educational content to help support them on their journey: https://www.varonis.com/how-to-videos/

    What you should do now

    Below are three ways we can help you begin your journey to reducing data risk at your company:

    1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
    2. Download our free report and learn the risks associated with SaaS data exposure.
    3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.
    Kilian Englert
    Kilian Englert Kilian has a background in enterprise security engineering, as well as security solution selling. Kilian is a Certified Information Systems Security Professional (CISSP) and creates internal and public content on topics related to cybersecurity and technology best practices.

    Try Varonis free.

    Get a detailed data risk report based on your company’s data.
    Deploys in minutes.
    Get started View sample

    Keep reading

    Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

    threat-update-28-–-re-ryuk’ed-&-exchange-zero-day
    Threat Update 28 – Re-Ryuk’ed & Exchange Zero-Day
    threat-update-28-–-re-ryuk’ed-&-exchange-zero-day
    Kilian Englert
    March 4, 2021
    Is it too soon for a 2020 throwback? The Ryuk ransomware gang certainly doesn’t think so! It looks like one of the premiere ransomware-as-a-service groups was not content to rest on their laurels, and it appears they’ve added self-spreading capabilities.
    threat-update-23---bypassing-endpoint-controls-using-office-macros
    Threat Update 23 - Bypassing Endpoint Controls Using Office Macros
    threat-update-23---bypassing-endpoint-controls-using-office-macros
    Kilian Englert
    February 1, 2021
    So many attacks start with a simple booby-trapped document that runs malicious code. Crafty attackers can even customize the payload to bypass endpoint controls! Don’t believe us? Check out this...
    threat-update-37-–-is-sso-the-new-(h)active-directory?
    Threat Update 37 – Is SSO the new (h)Active Directory?
    threat-update-37-–-is-sso-the-new-(h)active-directory?
    Kilian Englert
    May 6, 2021
    As organizations continue moving to cloud services at a breakneck pace, the adoption of SSO solutions has been a safe and effective way for IT teams to enable and control…
    threat-update-21---solarleaks
    Threat Update 21 - SolarLeaks
    threat-update-21---solarleaks
    Kilian Englert
    January 15, 2021
    The initial news of the SolarWinds supply chain attack was a devastating revelation to many organizations. It didn’t take the cybercriminal world long to try to profit off of this...