Source |
CybeReason |
Identifier |
1798830 |
Publication date |
2020-06-11 04:15:00 (seen: 2020-07-09 15:05:37) |
Title |
Cybereason's Newest Honeypot Shows How Multistage Ransomware Attacks Should Have Critical Infrastructure Providers on High Alert |
Text |
Introduction
Earlier this year, Cybereason launched its latest honeypot to analyze the tactics, techniques, and procedures used by state-sponsored groups and cyber crime actors to target critical infrastructure providers. This honeypot was a follow-up to a previous successful honeypot launched two years ago in 2018 looking at the same industry. The honeypot was built to look like an electricity company with operations in North America and Europe.
In this new research, the Cybereason team identified multiple attackers executing ransomware operations involving data theft, the stealing of user credentials, and lateral movement across the victim's network to compromise as many endpoints as possible. This includes critical assets like the domain controllers, which could take from several minutes to several hours to properly infiltrate.
Ransomware capabilities were deployed early on in the hacking operation, but the ransomware was not immediately detonated. It was designed to detonate only after the preliminary stages of the attack had finished across all compromised endpoints, in order to achieve maximum impact on the victim.
This operational attack pattern attempts to impact as many victim assets as possible, representing a higher risk to organizations compared to ransomware attacks that impact the single machine they initially access. However, this operational pattern also represents an opportunity for defenders with a rapid detection and response process to detect the attack at its early stages and respond effectively before ransomware is able to impact the environment.
Given the results of this research, we conclude that multistage ransomware attacks on critical infrastructure providers are increasingly dangerous and more prevalent.
Check out a condensed, high-level version of this report on our threat alerts page.
Background
We live in a world of insecurity where hackers have the advantage over the vast majority of enterprises trying to protect their computer networks. Nowhere is that more evident than with critical infrastructure providers, who are facing a constant barrage of cyberattacks from motivated and oftentimes well-funded groups of cybercriminals and state-sponsored actors. |
Notes |
|
Sent |
Yes |
Tags |
Ransomware
|
Stories |
|
Move |
|
Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
 |
2020-06-12 14:19:00 |
(Already seen) Expert Reaction On Honeypot Shows Multistage Ransomware should Have Critical Infrastructure Providers On High Alert (direct link) |
Earlier this year, Cybereason launched its latest honeypot to analyze the tactics, techniques, and procedures used by state-sponsored groups and cyber crime actors to target critical infrastructure providers. This honeypot was a follow-up to a previous successful honeypot launched two years ago in 2018 looking at the same industry. The honeypot was built to look like …
The ISBuzz Post: This Post Expert Reaction On Honeypot Shows Multistage Ransomware should Have Critical Infrastructure Providers On High Alert |
Ransomware
|
|
|