Ransomware has been an ongoing cyber risk for years. Instead of fading and being replaced by other attack types, it has evolved, adapted, and become more sophisticated and more frequent. Since the start of 2021 the focus of attacks has sharpened: ransomware is now about gaining a foothold and then causing operational disruption. The more attackers can interfere with day-to-day business operations, the more likely the victim is to pay. The initial access used in these attacks can generally be broken down into three categories: phishing, vulnerabilities at the edge of the network, and exposed Remote Desktop Protocol (RDP). As of today, these are the three entry points that pose the greatest threat to your infrastructure.
Phishing (Not Fishing)
Despite its seemingly harmless name, phishing is not a relaxed weekend activity with your friends. It is the most prevalent form of attack against large enterprises, according to AIG internal data. Attackers set up fraudulent websites with "login" pages that harvest usernames and passwords. Once an employee enters their credentials into the fake page, the attackers have a valid account to walk in with, and if multi-factor authentication is not enforced, nothing else stands in their way.
Vulnerabilities at the Edge of Your Network
Keeping track of every device and every login on your network is hard, and attackers take full advantage of that. The laptops used by your board members and senior executives might be well protected, but the systems and accounts used by outside consultants or lower-level employees are often less so, and it only takes one. Today's attackers are frequently able to escalate from an ordinary user account to domain admin through misconfigured privileges in Active Directory; for them, the real challenge is simply getting hold of any account in the first place.
Remote Desktop Protocol
Remote Desktop Protocol is the built-in Windows service for controlling a machine remotely. When it is exposed to the internet, attackers log in with stolen, reused, or brute-forced credentials and gain every privilege the compromised account holds on that system, exactly as if they were sitting at the keyboard. RDP is not typically the initial entry point in these attacks; it is more often a secondary vector, used most against small and medium-sized businesses, and of the three it is the hardest for an attacker to exploit successfully.
Protecting Your Active Directory
Protection and detection are both required to defend a network against ransomware, but even the best detective controls do little to stop an attacker who is already inside from expanding their foothold, and they cannot expel the attacker on their own. One of the biggest undertakings a cybersecurity team can attempt, and one with the largest potential return, is hardening Active Directory. This means removing accounts that are no longer in use and stripping unneeded privileges from the accounts that remain. Attackers abuse highly privileged service accounts that are either dormant or have access far beyond what they need; once such an account is obtained, escalating from there is easy. A key step in hardening Active Directory going forward is to understand to whom, where, and why the organization grants privilege, to monitor that privilege, and to remove it when it is no longer needed.
The Principle of Least Privilege
There are no silver bullets in cybersecurity. No single protection or defense can guarantee an organization is safe. In today's climate of increasing remote work, however, keeping an ongoing internal discussion going about the principle of least privilege is not easy, but it pays off. Deprivileging every service account that has accumulated excess rights over the years can be a massive project, but removing dead accounts and locking down the active ones is essential to protecting data.
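The audit steps described in the two sections above (stale accounts, overextended privilege, and privileged service accounts) can be scripted against Active Directory. The following PowerShell is an added example written for this page, not a tool from Axio or from the original post. It assumes the RSAT ActiveDirectory module is installed, that the account running it can read the domain, and that a 90-day inactivity threshold and the listed group names are appropriate for your environment; all three are assumptions to adjust.

```powershell
# Added example (not from the original post): a read-only Active Directory audit that
# surfaces the account-hygiene problems the post describes. Requires the RSAT
# ActiveDirectory module and read access to the domain. Threshold and group names
# are assumptions; adjust them to your environment. Nothing here modifies AD.
Import-Module ActiveDirectory

$InactiveDays = 90   # assumption: accounts unused for 90 days are candidates for disabling
$Cutoff       = (Get-Date).AddDays(-$InactiveDays)

# 1. Enabled user accounts that have not logged on since $Cutoff (dead accounts).
#    Search-ADAccount handles the fact that lastLogon is not replicated in real time.
$Stale = Search-ADAccount -AccountInactive -DateTime $Cutoff -UsersOnly |
    Where-Object { $_.Enabled } |
    Select-Object SamAccountName, LastLogonDate, DistinguishedName

# 2. Recursive membership of the highest-privilege groups, so that nested groups
#    (a common way privilege quietly spreads) are expanded.
$PrivilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins',
                    'Administrators', 'Account Operators', 'Backup Operators'
$Privileged = foreach ($g in $PrivilegedGroups) {
    Get-ADGroupMember -Identity $g -Recursive -ErrorAction SilentlyContinue |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object { [pscustomobject]@{ Group = $g; SamAccountName = $_.SamAccountName } }
}
$PrivNames = $Privileged.SamAccountName | Sort-Object -Unique

# 3. Service accounts: user objects with a servicePrincipalName. Their Kerberos
#    tickets can be requested and cracked offline, so the dangerous ones are those
#    that are also members of a privileged group or have a very old password.
$ServiceAccounts = Get-ADUser -LDAPFilter '(servicePrincipalName=*)' `
    -Properties servicePrincipalName, PasswordLastSet, Enabled, LastLogonDate
$RiskyServiceAccounts = $ServiceAccounts |
    Where-Object { $PrivNames -contains $_.SamAccountName }

# 4. Report. Review the output, then disable and deprivilege deliberately.
"Stale enabled user accounts (no logon in $InactiveDays days): $($Stale.Count)"
$Stale | Sort-Object LastLogonDate | Format-Table -AutoSize

"Users holding membership in privileged groups (recursive): $($PrivNames.Count)"
$Privileged | Sort-Object Group, SamAccountName | Format-Table -AutoSize

"Service accounts (SPN set) that are also privileged: $($RiskyServiceAccounts.Count)"
$RiskyServiceAccounts |
    Select-Object SamAccountName, Enabled, PasswordLastSet, LastLogonDate,
                  @{ n = 'SPNs'; e = { $_.servicePrincipalName -join '; ' } } |
    Format-Table -AutoSize

# Optional remediation, left commented out on purpose. -WhatIf shows what would
# change without changing it; drop it only after the list has been reviewed.
# $Stale | ForEach-Object { Disable-ADAccount -Identity $_.DistinguishedName -WhatIf }
```

Run it from a workstation with the RSAT tools as a user with read access to the domain. The three lists map directly onto the remediation the post calls for: disable what is stale, remove people from privileged groups who do not need to be there, and move privileged service accounts to group Managed Service Accounts or at least to long, rotated passwords with the minimum group membership the service actually requires.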
Steps You Can Take Today
When reading about all of these ransomware attacks and attack methods, you should never assume that you or your organization is not a target, nor that protection is futile because an attack is inevitable. Both mindsets are mistakes. With proper internal processes, these threats can be managed. Hardening Active Directory and applying the principle of least privilege are just two of many steps you can take today to lock down your network. Further, we here at Axio are committed to providing as much protection from ransomware attacks as we possibly can. Click this link to access our free tool, which comes equipped with three assessments and five frameworks. If you would prefer to speak with an Axio expert, fill out the form below and someone will reach out shortly.
Learn more about our Ransomware Preparedness Assessment.