Router ID

Malwarebytes hacked

Malwarebytes said it was hacked by the same group that breached SolarWinds. According to Malwarebytes, the intrusion is not related to the SolarWinds supply chain incident, since the company does not use any SolarWinds software on its internal network. Instead, the security firm said the attackers got in by abusing a dormant email protection product within its Office 365 tenant: an application that was no longer in use but still held privileged access to the tenant.

Malwarebytes said it learned of the intrusion from the Microsoft Security Response Center (MSRC) on December 15, 2020, after Microsoft detected suspicious activity coming from the dormant Office 365 security app. At the time, Microsoft was auditing its Office 365 and Azure infrastructure for signs of malicious apps created by the SolarWinds hackers, known in cyber-security circles as UNC2452 or Dark Halo. Malwarebytes said that once it learned of the breach, it began an internal investigation to determine what the attackers had accessed.
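The pattern described above, a dormant application that still holds privileged mail permissions and then suddenly starts authenticating with a fresh credential, is something you can hunt for in your own tenant. The script below is an added example written for this post, not Malwarebytes' or Microsoft's code. It audits an application inventory shaped like a Microsoft Graph servicePrincipals export (appRoleAssignments resolved against the resource's appRoles, plus keyCredentials and passwordCredentials); the GUIDs, names and timestamps are constructed, the lastSignInDateTime field is assumed to have been joined in from service-principal sign-in logs, and the thresholds and the list of high-risk permissions are assumptions to tune for your environment.

```python
"""Audit an Azure AD (Entra ID) application inventory for dormant apps that
still hold privileged mail permissions, flagging recently added credentials.
Added example: not Malwarebytes' or Microsoft's code. The inventory below is
constructed in the shape of a Microsoft Graph servicePrincipals export."""
from datetime import datetime, timedelta

# Assumed thresholds: tune to your tenant.
DORMANT_AFTER = timedelta(days=90)          # no sign-in for this long = dormant
NEW_CREDENTIAL_WINDOW = timedelta(days=30)  # fresh credential on a dormant app is suspicious
HIGH_RISK_PERMISSIONS = {"Mail.Read", "Mail.ReadWrite", "Mail.Send", "full_access_as_app"}

# Constructed: resource service principals that define application roles.
# Graph exposes the permission name in the resource's appRoles[].value.
RESOURCES = {
    "res-graph": {"displayName": "Microsoft Graph",
                  "appRoles": [{"id": "role-0001", "value": "Mail.Read"},
                               {"id": "role-0002", "value": "User.Read.All"}]},
    "res-exo":   {"displayName": "Office 365 Exchange Online",
                  "appRoles": [{"id": "role-0003", "value": "full_access_as_app"}]},
}

# Constructed: the tenant's own apps. lastSignInDateTime is assumed to have
# been joined in from sign-in logs; it is not a servicePrincipal property.
SERVICE_PRINCIPALS = [
    {"id": "sp-1", "displayName": "Legacy Mail Protection Connector",
     "keyCredentials": [{"keyId": "k-1", "startDateTime": "2020-12-01T00:00:00Z"}],
     "passwordCredentials": [],
     "appRoleAssignments": [{"resourceId": "res-exo", "appRoleId": "role-0003"}],
     "lastSignInDateTime": "2019-03-02T11:00:00Z"},
    {"id": "sp-2", "displayName": "Helpdesk Mailbox Bot",
     "keyCredentials": [],
     "passwordCredentials": [{"keyId": "p-1", "startDateTime": "2020-01-10T00:00:00Z"}],
     "appRoleAssignments": [{"resourceId": "res-graph", "appRoleId": "role-0001"}],
     "lastSignInDateTime": "2020-12-14T08:30:00Z"},
    {"id": "sp-3", "displayName": "Reporting Dashboard",
     "keyCredentials": [],
     "passwordCredentials": [{"keyId": "p-2", "startDateTime": "2020-11-20T00:00:00Z"}],
     "appRoleAssignments": [{"resourceId": "res-graph", "appRoleId": "role-0002"}],
     "lastSignInDateTime": None},
]


def parse_ts(value):
    """Parse a Graph-style ISO-8601 timestamp ending in 'Z' into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def granted_permissions(sp, resources):
    """Resolve the app's appRoleAssignments to permission names via the resource's appRoles."""
    names = set()
    for assignment in sp.get("appRoleAssignments", []):
        resource = resources.get(assignment["resourceId"], {})
        for role in resource.get("appRoles", []):
            if role["id"] == assignment["appRoleId"]:
                names.add(role["value"])
    return names


def audit_service_principal(sp, resources, now):
    """Return None if the app holds no high-risk mail permission, else a finding dict."""
    risky = granted_permissions(sp, resources) & HIGH_RISK_PERMISSIONS
    if not risky:
        return None
    last = sp.get("lastSignInDateTime")
    dormant = last is None or now - parse_ts(last) > DORMANT_AFTER
    credentials = sp.get("keyCredentials", []) + sp.get("passwordCredentials", [])
    new_creds = sorted(c["keyId"] for c in credentials
                       if now - parse_ts(c["startDateTime"]) <= NEW_CREDENTIAL_WINDOW)
    # Privileged + dormant + fresh credential is the intrusion pattern itself.
    if dormant and new_creds:
        severity = "high"
    elif dormant:
        severity = "medium"   # unused privilege: remove the app or its permission
    else:
        severity = "low"      # in use: keep under review, scope permissions down
    return {"id": sp["id"], "displayName": sp["displayName"],
            "permissions": sorted(risky), "dormant": dormant,
            "new_credentials": new_creds, "severity": severity}


def audit_tenant(service_principals=SERVICE_PRINCIPALS, resources=RESOURCES,
                 now=parse_ts("2020-12-15T00:00:00Z")):
    """Audit every app; findings sorted highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    findings = [f for sp in service_principals
                if (f := audit_service_principal(sp, resources, now)) is not None]
    return sorted(findings, key=lambda f: order[f["severity"]])


if __name__ == "__main__":
    for f in audit_tenant():
        print(f"[{f['severity'].upper()}] {f['displayName']} ({f['id']}): "
              f"{', '.join(f['permissions'])}; dormant={f['dormant']}; "
              f"new credentials={f['new_credentials'] or 'none'}")
```

On the constructed inventory the legacy connector comes out as high severity (full mailbox access, no sign-in for over a year, a certificate added two weeks ago), the helpdesk bot as low (privileged but in active use), and the reporting dashboard is not reported at all because it holds no mail permission. The point of the severity ladder is the remediation it implies: a dormant app with privileged permissions should simply lose them, and one that has just gained a credential deserves an incident response look, not a ticket.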

Folks, the point here is that the days when cyber risk to your enterprise was only external are long gone. As organizations outsource all or part of their IT and make heavier use of cloud services, their security depends more and more on the security of their suppliers. We now live in a time of nation-state compromised supply chains that can affect your enterprise in many different ways. Given the considerable burden of managing enterprise security, now with nation-state supply chain attacks on top, it can feel overwhelming as a defender. One of my suggestions is to start with the basics and work forward: ask yourself what the worst day you could have looks like, and rank your risks accordingly.

Consider strategies like adopting a zero-trust model (publicity time: we can help you with the architecture), which limits the damage an intruder can do, not just in the SolarWinds compromise or the abuse of Microsoft Azure and Office 365 applications described above, but against any other external threat, ransomware, or other malware. Consider how well you know your networks, and whether you know what there is to protect. Think about security monitoring and protection in your IoT environments. Prepare incident response playbooks before you need them.

And remember: you should not work for your security products. Your security products should help you rapidly identify and contain any possible threat.