Cybersecurity vendors are themselves under attack by hackers, SentinelOne says – CyberScoop

Cybersecurity companies don’t just defend their customers against cyberattacks — they also have to defend themselves, and a SentinelOne report published Monday examines some of the biggest threats they’re facing.
Those include ransomware, Chinese government-sponsored hackers and North Korean IT workers posing as job applicants, according to the report from SentinelOne’s SentinelLabs.
“In recent months, SentinelOne has observed and defended against a spectrum of attacks from financially motivated crimeware to tailored campaigns by advanced nation-state actors,” the report reads. “These incidents were real intrusion attempts against a U.S.-based cybersecurity company by adversaries, but incidents such as these are neither new nor unique to SentinelOne.”
Cybersecurity firms can make an attractive target for hackers, despite the perception that a company that protects others might be better at protecting its own networks and systems. FireEye famously discovered the notorious SolarWinds hacking campaign when it realized that it itself was a victim.
“Talking about being targeted is uncomfortable for any organization. For cybersecurity vendors, it’s practically taboo,” the SentinelOne report states. “But the truth is security vendors sit at an interesting cross-section of access, responsibility, and attacker ire that makes us prime targets for a variety of threat actors, and the stakes couldn’t be higher.
“When adversaries compromise a security company, they don’t just breach a single environment — they potentially gain insight into how thousands of environments and millions of endpoints are protected,” it continues.
So, for instance, SentinelOne said it had tracked roughly 360 fake personas and 1,000 job applicants with links to North Korean IT worker operations applying for SentinelOne jobs — including those trying to get jobs on the SentinelLabs intelligence engineering team. In investigating the campaign, SentinelOne concluded that there was value in sharing threat info with different, non-investigative teams — in this case, recruiters.
Ransomware operators have targeted SentinelOne as part of an underground economy geared toward buying, selling or renting access to enterprise security tools. They include a group operated by a Russian national.
Chinese state-sponsored hackers targeting the company include a group known for targeting critical infrastructure around the globe, such as telecommunications, IT and government organizations.