Nobelium Attack Highlights Risk of Exposed Credentials

Ethan Geil and Luis Grangeia | May 28, 2021 | tag: National Cybersecurity

Microsoft recently announced that the threat actor Nobelium continues to target government agencies, think tanks, consultants, and non-government organizations with cyber attacks. 

According to Microsoft, Nobelium gained access to the Constant Contact email account at United States Agency for International Development (USAID), using that access to distribute phishing emails to unsuspecting organizations that appeared to be authentic USAID emails.

While information is still coming to light, there is a critical, basic step that all organizations should take to reduce their risk: monitor exposed credentials and prevent password reuse.

The two USAID email addresses in the Microsoft technical blog post both appear in BitSight’s “exposed credentials” dataset, meaning that these usernames have been exposed in prior breaches. At least one of the usernames was also exposed in a breach involving plaintext passwords. In fact, BitSight has observed that more than 55,000 USAID credentials have been exposed in 145 prior breaches. If the owners of these credentials reused a password involved in one of those prior breaches -- or used an easily-guessed variation of it -- an attacker would have the knowledge necessary to easily gain access to a system.

Cyber attacks rarely employ novel, never-before-seen techniques such as zero-day attacks. It is far more common for attackers to acquire customizable tools or data available on the dark web and exploit a series of vulnerabilities and weak controls to wreak havoc. By diligently maintaining controls and focusing on the essentials -- including continuously monitoring for exposed credentials and enforcing controls that prevent password reuse -- organizations can reduce the risk of breach.
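One way to enforce the password-reuse control described above is to reject, at password-change time, any password that matches a known exposed password or an easily guessed variation of it. The following is an added example, not BitSight's tooling or code from the post; the exposed-credentials set is a constructed in-memory sample, and the suffix and substitution lists are assumed heuristics.

```python
import hashlib
import itertools
import re

# Constructed sample standing in for an exposed-credentials dataset. Only
# SHA-1 digests of the breached plaintexts are kept; SHA-1 is used here purely
# as a lookup key into the breach corpus, never as a password storage hash.
_SAMPLE_BREACHED = ["Summer2019!", "Welcome1", "P@ssw0rd", "usaid123"]
EXPOSED_HASHES = {hashlib.sha1(p.encode()).hexdigest() for p in _SAMPLE_BREACHED}

# Assumed heuristics: suffixes users append when forced to "change" a password,
# and character swaps that leave a password trivially guessable.
_SUFFIXES = ["", "1", "12", "123", "!", "1!", "2019", "2020", "2021", "2019!", "2020!", "2021!"]
_LEET = [("a", "@"), ("o", "0"), ("i", "1"), ("e", "3"), ("s", "$")]


def _sha1(s: str) -> str:
    return hashlib.sha1(s.encode()).hexdigest()


def stem(password: str) -> str:
    """Strip trailing digits and punctuation: 'Summer2020!' -> 'Summer'."""
    return re.sub(r"[\d\W_]+$", "", password)


def candidate_variants(password: str):
    """Yield the password itself plus plausible variations: the same stem with
    other common suffixes, case changes, and any subset of leet substitutions."""
    base = stem(password) or password
    case_forms = {base, base.lower(), base.capitalize(), base.upper()}
    stems = set()
    for form in case_forms:
        for mask in itertools.product((False, True), repeat=len(_LEET)):
            s = form
            for (plain, sub), on in zip(_LEET, mask):
                if on:
                    s = s.replace(plain, sub)
            stems.add(s)
    yield password
    for s, suffix in itertools.product(stems, _SUFFIXES):
        yield s + suffix


def exposed_match(password: str):
    """Return the exposed password that the candidate equals or is a variation
    of, or None if the candidate and all generated variants are clean."""
    for v in candidate_variants(password):
        if _sha1(v) in EXPOSED_HASHES:
            return v
    return None
```

A policy hook would reject the new password whenever `exposed_match` returns a value and log which exposed credential it collided with.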
