On October 11, a Russia-based threat group known as IRIDIUM carried out a series of coordinated attacks. Victims included organizations that provide or transport military and humanitarian assistance to Ukraine. The Prestige ransomware attack and other recent attacks serve as an indicator of ransomware trends and a reminder of the need for improved security.
The ransomware landscape has evolved quickly in recent years as technology and cyber security awareness continue to advance. On the one hand, as organizations implement tamper-resistant backups and more sophisticated malware detection, they significantly reduce the risk of data loss. On the other, attackers continually adjust their attack methods.
An overview of several key ransomware attacks in 2022 illustrates some of the current trends.
In addition to cyber terrorism, increasingly sophisticated methods, and a focus on healthcare and infrastructure, other patterns have emerged. For instance, attackers frequently target small vendors as a way to disrupt the supply chain of larger organizations. Double extortion attacks have also increased, in which hackers steal sensitive data from the victim to use as additional leverage.
Most successful ransomware attacks share a common feature: the attackers were able to compromise one or more highly privileged user accounts. In some cases, hackers gained access to a domain-wide administrator account. In other cases, multiple local administrator accounts shared the same password.
To guard against compromise of privileged accounts, organizations need to implement several best practices for credentials. For instance, the principle of least privilege mandates that users should be granted the minimum amount of access necessary. Tools like Microsoft Entra provide the analytics necessary to ensure that users do not have excessive or unused permissions.
Additionally, zero trust policies protect the system by requiring authentication every time a user or device attempts to access the network. Modern authentication systems such as multi-factor authentication (MFA) and randomized administrator passwords also provide critical security.
In some cases, organizations have security tools at their disposal but have not configured them properly. At the most basic level, simply changing default passwords makes it more difficult for hackers to enter the system. But available tools provide many additional protections.
For example, Microsoft offers a suite of security tools in the Microsoft Defender family of products. Even small businesses can take advantage of enterprise-grade endpoint protection by deploying Microsoft Defender for Business.
These tools and others can play a critical role in reducing the risk of ransomware and other cyber-attacks. However, they can be difficult to configure, particularly for organizations with limited cyber security expertise. A cyber security consultant can provide crucial assistance in determining the right tools and settings to use.
Improving your cyber security posture requires an investment. However, companies that invest the time and resources required see important returns in mitigating the risk of a successful attack.
The cyber security consultants at eMazzanti offer the expertise necessary to ensure that you have the security you need. They will help you choose and configure the tools you need, including access management, email protection, data encryption and continuous network monitoring.