Preventing the next Malwarebytes breach: Get rid of passwords?
U.S. cybersecurity company Malwarebytes is the latest victim in a string of attacks targeting top security firms. In a statement from the company, the hackers breached the internal systems by way of a dormant email protection product within their Office 365 tenant that allowed access to a limited subset of internal company emails.
Malwarebytes says they confirmed the existence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments. After an extensive investigation, Malwarebytes determined the attacker only gained access to a limited subset of internal company emails and found no evidence of unauthorized access or compromise in any of their internal on-premises and production environments.