Leading Managed Technology Services Provider Alerts SMBs (Small to Mid-Sized Businesses) of Emboldened Cybercrime Group Now Targeting Microsoft

ANN ARBOR, MI — December 2021 – UTEC, a leading managed technology services provider (MTSP), recently announced that Microsoft is handing down a directive to managed IT service providers that Nobellium, the cybercrime group behind the widely publicized SolarWinds ransomware attacks, is growing in audacity. Microsoft’s threat notification center has either been targeted or compromised by Nobellium and Microsoft is issuing guidance to all SMBs, IT and managed IT service providers to shore up their cybersecurity defenses, immediately. Cybersecurity continues to receive mainstream media attention and through instances like this that attention appears to be warranted. UTEC is alerting its customers to keep them aware that cybersecurity isn’t a transitory concern and that unfortunately it will become a core competency of almost every business in the near future. However, all UTEC customers can rest assured that they do not need to take any action because UTEC customers already have preventative measures in place to protect them from these sorts of cyberthreats.

According to Microsoft, “Microsoft has observed Nobelium targeting privileged accounts of service providers to move laterally in cloud environments, leveraging the trusted technical relationships to gain access to downstream customers and enable further attacks or access targeted systems. These attacks are not the result of a product security vulnerability but rather a continuation of Nobeliums use of a diverse and dynamic toolkit that includes sophisticated malware, password sprays, supply chain attacks, token theft, API abuse, and spear phishing to compromise user accounts and leverage the access of those accounts. These attacks have highlighted the need for all administrators to adopt strict account security practices and take additional measures to secure their environments.”

Kevin Van Kannel, President of UTEC, responded, “Tons of MSPs rely heavily on delegated administrative privileges. User accounts need to be regularly audited and we can’t underscore how important it is for companies to take preventative measures, now to protect their organizations. In the unfortunate event of a breach, businesses are required by law to notify their customers of the breach, which can cause irreparable relationship damage. Fortunately, recent advances in managed IT services have presented solutions for these types of problems in a strong, cost-effective and scalable manner.”

Aaron Gurgul, Director of Technology for UTEC, added, “There are plenty of best practices which we can follow, but the main concept to keep in mind is that you should be trying to hack into your own company. This will help you find weak spots in your IT infrastructure, which will direct you to remedies. If you don’t know how to do that, that’s a clear indication that you should be working with a trusted managed technology services provider to help you assess your network’s strength.” As Gurgul mentioned, there are plenty of best practices which business operators should be utilizing which include, but are not limited to: removing delegated administrative privileges when not in use, regularly auditing accounts, minimizing admin privileges, creating separate logins for admins, turning on multi-factor authentication (or 2-Step verification), performing log reviews and educating staff on how to spot malware/phishing attempts, especially via email. There are many more best practices, but even implementing these would be an excellent start for any organization that wishes to take proactive steps towards securing their network.

“When one of the biggest companies in the world makes an announcement like this, you have to take notice and put the appropriate security measures in place,” reminds Van Kannel.

While cybersecurity has inadvertently become a key aspect of every business’s long-term health, fortunately, businesses can alleviate these concerns with an ounce of preventative action, by ensuring that their IT provider is taking the previously recommended steps. “Many C-Level Executives are too busy focusing on other growth areas to justify them tinkering with IT intricacies and they must rely on IT staff at their word to believe that the organization is taking the necessary proactive steps required to keep the company safe. If your current IT provider has already made you aware of this announcement, it’s highly likely that they are also proactively taking the necessary steps to keep your organization protected. However, if they aren’t communicating these types of announcements to you they may benefit from additional support from an external managed IT service provider who can guide them through the implementation of best practices,” concluded Van Kannel.


UTEC was established in 1975 in Ann Arbor, Michigan. UTEC is a growing company recognized as a leader in office and information technology solutions and services.

UTEC offers state-of-the-art products and unwavering customer service that has helped grow and expand its operations throughout Michigan.

UTEC employs a staff of over 30 people and provides the following products and services: a variety of IT solutions, including managed network capabilities, multi-function printers & copiers, wide-format printers, managed print services, VoIP phone systems, digital and interactive displays, document management solutions, thermal imaging kiosks, postage meters, and mailing solutions. UTEC can attribute much of its growth over the past several years by specializing in customized IT and Smart Office Solutions.

UTECs focus extends beyond the products and services they offer. They arededicated to supporting the local communities they operate, including many non-profit organizations, Chambers of Commerce, high school, and collegiate academics and athletics.

For more information on UTECs business products and services, contact UTEC, 1995 Highland Drive, Suite. C, Ann Arbor, MI  48108.  For online company and product information, visit our website at www.utecit.com or email us at info@utecit.com.

Source UTEC

Embrace Chaos Engineering