We’ve all become more conscious of the risk posed by online scammers and hackers, especially as we put more and more of our personal information into websites and apps every day. We’ve become more knowledgeable about data protection through EU regulations like GDPR and have learned how websites “drop” cookies as we surf the web. All of this has made antivirus companies such as Malwarebytes increasingly popular, with many people wanting constant checks on their devices and websites for malware.
Malwarebytes is known globally for its reliable and effective products, but in late 2020 it came to light that the company had been hacked by the Dark Halo group, the same actor that attacked Microsoft, SolarWinds, FireEye, and CrowdStrike. Unbeknownst to these companies, the group managed to breach their security and gain access to their systems.
The breach was picked up by none other than tech giant Microsoft, the third-party service provider that Malwarebytes was using. The Microsoft Security Response Centre notified the company that it had noticed unusual activity in Malwarebytes’ Office 365 tenant coming from a third-party application. Once notified, the company quickly ran a full analysis of its systems with the help of Microsoft’s Detection and Response Team (DART).
It must be difficult for an antivirus vendor to speak openly about a hack it has fallen victim to, but Malwarebytes didn’t shy away from the issue and published a public statement.
Malwarebytes said, “Together, we performed an extensive investigation of both our cloud and on-premises environments for any activity related to the API calls that triggered the initial alert” and that “After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails.” The statement also noted that the company had checked its legacy code for any discrepancies, and nothing unusual was found.
What they found was that the hackers had used sophisticated techniques and procedures matching the attack on SolarWinds, the owner of Pingdom. The hackers leveraged a dormant email protection product to breach the company’s internal systems, including Office 365 and Azure. They used a self-signed certificate as credentials to gain access to the internal platforms. Once they had access to the Azure API environment, they used that API to make requests that reached the internal email. It was only when Malwarebytes examined its API request history that it located those requests and was able to identify the hackers and cut off their access.
Malwarebytes has distanced itself from the SolarWinds hack, stating that the attack was not directly related and that the company does not use any SolarWinds software. As more information has come to light, however, the hack may well be connected to the string of attacks the Dark Halo group carried out in December. Unfortunately, Microsoft was one of the companies breached then too.
A statement by Malwarebytes’ CEO said, “Our internal systems showed no evidence of unauthorized access or compromise in any on-premises and production environments.” Most importantly, “Our software remains safe to use.”
The most important lesson from this saga is that it can happen to anyone. It doesn’t matter whether you’re a small business or a tech giant like Microsoft; hackers aren’t that picky. It is therefore essential for businesses to invest seriously in cybersecurity, and by that I don’t just mean running a virus scan once in a while. There are many ways to prevent hackers and malicious bots from acting against your websites, and ways to identify potential risks through server monitoring and domain monitoring software.
Many people believe that hackers simply steal personal information from your website, but that is just 1% of what they can do. They can hijack your domain and essentially steal the entire “shop sign” associated with your brand. Imagine how much work you’ve put into making your domain rank highly in Google and how much authority it has, only for it to be hijacked. Domain monitoring might seem like an afterthought, but hacks like the one at Malwarebytes show just how important it can be.
The same goes for server monitoring. If you can see suspicious activity such as raised resource usage on your server, it gives you a chance to identify a potential external attack, which is an extra level of protection compared with leaving your website unmonitored, with no insight into what’s happening on your trusted servers.
It has become evident that the tech giants are working together to overcome these threats and are routinely sharing information and tools to help minimise the damage caused by them. Although businesses compete with each other for rankings and ultimately for customers, they understand the bigger threat they face from online attackers. Staying alert and monitoring for risks and suspicious activity is the key to prevention, especially for your customers’ data and your business reputation as a whole. The Malwarebytes attack is undoubtedly one of many to come, and this is an ongoing battle that all companies have to learn to live with. Luckily, they have StatusCake to help them through it.
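The detection signal described above, a long-dormant application identity that suddenly starts making mail-access API calls, can be checked against API request history. The following is an added example, not code from the original post or from Malwarebytes; the log format, operation names and application names are constructed for illustration, not a real Microsoft 365 or Azure audit schema.

```python
"""Flag mail-API calls made by an application identity that has been
dormant for a long period (constructed example; not a real audit schema)."""
import json
from datetime import datetime, timedelta

DORMANT_DAYS = 90  # quiet period after which an app identity counts as dormant
MAIL_OPS = {"Mail.Read", "MailItemsAccessed"}  # constructed operation names

# Constructed API request history, one JSON record per line:
# a legacy mail-protection app idle since August wakes up in December
# and reads mail, while a ticketing bot reads mail every day as usual.
SAMPLE_LOG = """
{"ts": "2020-08-01T09:00:00", "app": "legacy-mail-protection", "op": "Directory.Read"}
{"ts": "2020-12-10T22:14:03", "app": "legacy-mail-protection", "op": "MailItemsAccessed"}
{"ts": "2020-12-10T22:15:11", "app": "legacy-mail-protection", "op": "Mail.Read"}
{"ts": "2020-12-09T10:00:00", "app": "ticketing-bot", "op": "Mail.Read"}
{"ts": "2020-12-10T10:00:00", "app": "ticketing-bot", "op": "Mail.Read"}
{"ts": "2020-12-11T10:00:00", "app": "ticketing-bot", "op": "Mail.Read"}
"""


def parse_log(text):
    """Parse JSON-lines records into (timestamp, app, op) tuples, oldest first."""
    records = [json.loads(line) for line in text.splitlines() if line.strip()]
    return sorted((datetime.fromisoformat(r["ts"]), r["app"], r["op"]) for r in records)


def find_dormant_mail_access(records, dormant_days=DORMANT_DAYS):
    """Return one alert per mail-API call whose caller had been silent for
    more than dormant_days. Apps with no prior history are skipped here,
    since they need a separate baseline (first-seen-app) check."""
    last_seen = {}
    alerts = []
    for ts, app, op in records:
        prev = last_seen.get(app)
        dormant = prev is not None and ts - prev > timedelta(days=dormant_days)
        if op in MAIL_OPS and dormant:
            alerts.append({"app": app, "ts": ts.isoformat(), "op": op,
                           "last_seen": prev.isoformat()})
        last_seen[app] = ts  # every call, alerting or not, resets the clock
    return alerts


if __name__ == "__main__":
    for alert in find_dormant_mail_access(parse_log(SAMPLE_LOG)):
        print("ALERT: dormant app accessing mail:", alert)
```

Only the first call after the quiet period is flagged; the follow-up call a minute later is treated as part of the same burst, so a real deployment would correlate the alert with the credential changes on that service principal.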