How To Protect Businesses Against A Series Of Cyber Attacks
As if the cyber landscape wasn’t already complicated enough, cyber predators are now feeding on businesses that have already been attacked. Cyber security experts used to say, “It’s not a matter of whether you’ll be attacked, but when.” Now they’re saying, “It’s not a matter of when you’ll be attacked, but how often.”
Brett Gallant, the owner of Adaptive Office Solutions, a leading cyber security provider in Atlantic Canada, says, “In the past few months we have seen a noticeable uptick in sophisticated phishing attempts. In the current environment, businesses need advanced, multilayered cybersecurity plans in order to survive.”
In excerpts from an article by Strathroy: “It’s as if there’s ‘blood in the water. Like sharks sniffing out a meal, hackers from around the globe are targeting vulnerable computer systems,’” said Carmi Levy, a London (Ontario) technology analyst, after the cyber attack in St. Mary’s.
“Cybercriminals globally are focusing their efforts on geographic areas where previous attacks have succeeded,” Levy said. “When one weakness is discovered by one cybercriminal, they all tend to flock toward that same space.”
An excerpt from an article by The Register says, “Some of this falls at the feet of the organizations themselves, which too often fail to address vulnerabilities and misconfigurations after the first attack, opening the door to ensuing attacks.
Matt Wixey, a senior threat researcher at Sophos, said, “Some attacks take place simultaneously; others are separated by a few days, weeks, or months. Some involve different kinds of malware, or double – even triple – infections of the same type.”
In an incident on May 1st: After initial access was gained via a Remote Desktop Protocol (RDP) and Mimikatz was used to steal credentials, a company was hit by a Lockbit ransomware attack. Less than two hours later, a Hive ransomware affiliate attacked the same company, and two weeks later the organization was attacked a third time by a BlackCat ransomware group.”
In excerpts from an article by Sophos: “Multiple attacks not only complicate incident response but also place additional pressure on victims – whether that’s through more than one ransom demand or just the sheer technical difficulty of trying to recover from two or more attacks in a short space of time.”
Prevention for organizations
1. Update absolutely everything
Patching early is the best way to avoid being compromised in the future – but it doesn’t mean you haven’t already been attacked. It’s always worth checking that your organization wasn’t breached prior to patching.
2. Prioritize the worst bugs
Focus on two key elements: 1) critical bugs affecting your specific software stack, and 2) high-profile vulnerabilities that could affect your technology.
3. Mind your configurations
Misconfigurations – and a failure to remediate them after an attack – are the leading cause of multiple exploitations. Cryptominer operators, IABs, and ransomware affiliates always look for exposed RDP and VPN ports.
4. Assume other attackers have found your vulnerabilities
Threat actors don’t operate in isolation and might resell or relist their products, and ransomware affiliates may use multiple strains – so one vulnerability or misconfiguration can lead to multiple threats.
5. Act quickly
Being listed on a leak site may attract other, opportunistic threat actors. If you’re unfortunate enough to be hit with a ransomware attack, take immediate action with your security teams and incident response provider(s).
6. Ransomware collaborates
Many threat actors may proceed to encrypt files even if other ransomware groups are on the same network – or operate in a mutually beneficial way so that one group exfiltrates and the other encrypts.
7. Attackers open new backdoors
While it’s crucial to close off the initial infection vector, it’s also worth considering a) other weaknesses and misconfigurations that could be used to gain access, and b) any new ingress points that may have appeared.
Conclusion
“In an increasingly crowded and competitive threat environment, the problem of multiple attackers is likely to grow, with more threat actors coming into the mix and exploiting the same targets.”
Brett Gallant of Adaptive said, “Businesses can no longer solely rely on out-of-the-box cybersecurity solutions like antivirus software and firewalls. Cybercriminals are continually developing new, sophisticated ways to hijack data, demand ransom payments, and steal identities.”
At Adaptive Office Solutions, cybersecurity is our specialty. We keep cybercrimes at bay by using analysis, forensics, and reverse engineering to prevent malware attempts and patch vulnerability issues. By making an investment in multilayered cybersecurity, you can leverage our expertise to boost your defenses, mitigate risks, and protect your data.