Perpetrators of the CWT ransomware attack recommend password rotation, removal of admin rights, and application control as tips to prevent attacks.
Even in movies, we don't get to see burglars giving tips on how to protect our homes. In the cybersecurity world, the modus operandi of attackers and the measures to prevent attacks are mostly reconstructed from assumptions. Last week, in a rare happening, Jack Stubbs, the European cybersecurity correspondent at Reuters, published the online chat room negotiations that reportedly took place between a victim of a ransomware attack and its perpetrators.
The best part of the story is the tips the attackers gave, after the ransom was paid, on how to prevent attacks. The tips stress password protection, locking down administrator rights, and establishing application control, which security experts have long been recommending.
Last week, CWT, the US-based business travel management firm, faced a ransomware attack. Cybercriminals stole reams of sensitive corporate files and claimed they had knocked 30,000 computers offline. The attackers used a strain of ransomware called Ragnar Locker, which encrypts files and renders them unusable until the victim pays for access to be restored. The firm reportedly paid $4.5 million to the hackers.
Reuters gained access to a public chat room conversation, reportedly between a CWT representative and the hacker group. At the end of the negotiations, after the ransom was paid, the hackers gave a set of security recommendations to prevent future attacks.
The cybercriminals have given a list of recommendations to prevent ransomware attacks. Some of the key recommendations include:
The above recommendations clearly bring out the importance of the foundational security measures that security experts have been stressing for so long.
Malware spreads quickly and easily through the installation of unapproved software and pirated tools, opening malicious email attachments, clicking malicious URLs, visiting harmful pages (drive-by downloads), and so on. Even tech-savvy end-users can unintentionally fall prey to any of these, and the malware gains a strong foothold.
Most of these infections succeed because end-users hold local administrator rights, so whatever they run, runs with those rights. Employees working from home are especially likely to do all of the above, quite unintentionally.
Once on a computer, the malware edits the registry to gain persistence, harvests credentials, tampers with audit logs, and moves laterally across the network stealing sensitive data. With local admin rights already in hand, it needs no further privilege for any of these steps.
Organizations should control which applications end-users can install on corporate laptops while working remotely. Preventing the use of unauthorized applications reduces the risk of malware.
The best-practice approach to prevent attacks is to enforce least privilege across the organization by removing local administrator rights from all endpoints. On its own, though, this can hurt productivity and frustrate employees, who then have to approach the system administration team even for trivial needs.
To avoid that, removing administrator rights should be combined with robust application control. Define and control which applications standard users can run: whitelist trusted applications and block unapproved and malicious ones. Pair this with per-application elevation so that standard users can seamlessly run the approved applications that would otherwise require admin rights. When specific users need broader privilege, grant time-limited, fully controlled, and comprehensively audited temporary administrator access on a need basis, through a well-defined workflow that revokes the access automatically.
Another best-practice measure, often overlooked, is periodic password resets. If the passwords of sensitive IT assets, local administrator accounts in particular, are changed periodically and every asset is assigned a strong, unique password, a credential that has already been stolen stops working at the next rotation, and one machine's password cannot be replayed on the next. The risk of cyber attacks is reduced accordingly.
Securden helps you thwart these security issues with an extremely easy-to-use, simple-to-deploy, and highly affordable privileged access security solution.
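As an added example (not code from the original post, and not Securden's product), here is how the three controls above can be applied on a single Windows endpoint with built-in tooling alone: strip unapproved members from the local Administrators group, deploy an AppLocker allowlist in audit mode before enforcing it, and grant one user time-boxed admin rights that a scheduled task revokes. It assumes an elevated PowerShell session on an edition that ships AppLocker (Windows 10/11 Enterprise/Education or Windows Server); `CORP\EndpointAdmins`, `CORP\jdoe`, the `CONTOSO LTD` publisher and the policy path are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the original post or from Securden's product.
# Placeholders: 'CORP\EndpointAdmins', 'CORP\jdoe', 'CONTOSO LTD', C:\ProgramData\Corp\applocker.xml

# ---- 1. Least privilege: strip everyone not on the approved list from Administrators ----
$approvedAdmins = @('Administrator', 'CORP\EndpointAdmins')

Get-LocalGroupMember -Group 'Administrators' | ForEach-Object {
    # Local principals are reported as 'HOSTNAME\name'; compare those on the short name
    $name = if ($_.PrincipalSource -eq 'Local') { $_.Name.Split('\')[-1] } else { $_.Name }
    if ($approvedAdmins -notcontains $name) {
        Write-Host "Removing $($_.Name) from Administrators"
        Remove-LocalGroupMember -Group 'Administrators' -Member $_.SID   # Security log: event 4733
    }
}

# ---- 2. Application control: AppLocker allowlist for EXEs, rolled out in audit mode first ----
# Everyone may run what is installed under Program Files and Windows plus anything signed by the
# approved publisher; Administrators may run everything. A download in the user's profile, a
# pirated installer on a USB stick or a dropper in %TEMP% matches nothing, so it is logged now
# (event 8003) and blocked (event 8004) once EnforcementMode is changed to "Enabled".
# Deny beats Allow: without the Deny rule the Windows path rule would let a standard user run
# from user-writable folders such as C:\Windows\Temp (add Tasks and Tracing the same way).
$policyPath = 'C:\ProgramData\Corp\applocker.xml'
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="$([guid]::NewGuid())" Name="Everyone: Program Files" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Everyone: Windows" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Everyone: deny writable Windows\Temp" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="%WINDIR%\Temp\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Administrators: all files" Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
    <FilePublisherRule Id="$([guid]::NewGuid())" Name="Everyone: approved publisher" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="O=CONTOSO LTD, L=REDMOND, S=WASHINGTON, C=US" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="*" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
  </RuleCollection>
</AppLockerPolicy>
"@
New-Item -ItemType Directory -Path (Split-Path $policyPath) -Force | Out-Null
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8

# Dry-run: which rule decides for a given binary and user, before anything is enforced
Test-AppLockerPolicy -XmlPolicy $policyPath -User Everyone -Path "$env:WINDIR\System32\notepad.exe", "$env:WINDIR\System32\cmd.exe" |
    Format-Table FilePath, PolicyDecision, MatchingRule

sc.exe config appidsvc start= auto | Out-Null   # AppLocker only works with the Application Identity service running
sc.exe start appidsvc | Out-Null
Set-AppLockerPolicy -XmlPolicy $policyPath       # local policy; use -Ldap to target a GPO instead

# After a period in audit mode, review what would have been blocked, then switch to Enabled
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003 } -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message

# ---- 3. Time-limited admin: grant for two hours, revoke automatically, leave an audit trail ----
$user     = 'CORP\jdoe'
$hours    = 2
$taskName = "RevokeAdmin-$($user.Split('\')[-1])"

Add-LocalGroupMember -Group 'Administrators' -Member $user           # Security log: event 4732
# Group membership is evaluated at logon: the user signs out and in to gain, and later to lose, the right
$revoke   = "Remove-LocalGroupMember -Group Administrators -Member '$user'; Unregister-ScheduledTask -TaskName '$taskName' -Confirm:`$false"
$action   = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "-NoProfile -Command `"$revoke`""
$trigger  = New-ScheduledTaskTrigger -Once -At (Get-Date).AddHours($hours)
$asSystem = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger -Principal $asSystem -Force | Out-Null
Write-Host "$user is a local admin until $((Get-Date).AddHours($hours)); revocation task '$taskName' registered"
```

Run step 2 in AuditOnly for long enough to see the business applications people actually use appear in the 8003 events, add publisher rules for the legitimate ones, and only then flip the collection to Enabled; a policy enforced on day one is how application control gets switched off again. Events 4732 and 4733 in the Security log give you the audit trail for step 3 without any extra tooling.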
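An added example of the rotation itself (not code from the original post, and not Securden's product): find local accounts whose password has aged past policy, give the built-in Administrator a fresh password from a cryptographic random generator, verify the new credential, and hand the value off for storage. It assumes an elevated session on Windows 10/11 or Server 2016 and later; the 90-day maximum age and the DPAPI-protected file under `C:\ProgramData\Corp` are placeholders for your own policy and vault.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the original post or from Securden's product.
# Placeholders: the 90-day maximum age and the C:\ProgramData\Corp output path.

function New-RandomPassword {
    param([int]$Length = 24)
    # Visually ambiguous characters (0/O, 1/l/I) left out so the value survives being read aloud
    $alphabet = [char[]]'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789!@#$%^&*()-_=+'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $byte  = New-Object byte[] 1
    $chars = New-Object System.Collections.Generic.List[char]
    # Rejection sampling: a plain 'byte % count' would favour the first (256 % count) characters
    $limit = 256 - (256 % $alphabet.Length)
    while ($chars.Count -lt $Length) {
        $rng.GetBytes($byte)
        if ($byte[0] -lt $limit) { $chars.Add($alphabet[$byte[0] % $alphabet.Length]) }
    }
    $rng.Dispose()
    return -join $chars
}

# 1. Enabled local accounts whose password is older than policy allows, or was never set
function Get-StaleLocalUser {
    param([int]$MaxAgeDays = 90)
    $cutoff = (Get-Date).AddDays(-$MaxAgeDays)
    Get-LocalUser | Where-Object { $_.Enabled -and ($null -eq $_.PasswordLastSet -or $_.PasswordLastSet -lt $cutoff) }
}
Get-StaleLocalUser -MaxAgeDays 90 | Format-Table Name, PasswordLastSet, LastLogon

# 2. Rotate the built-in Administrator, located by its well-known RID 500 (it may have been renamed).
#    Each host gets its own value, so a hash dumped from one machine cannot be replayed on the next.
$builtin     = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
$newPassword = New-RandomPassword -Length 24
$secure      = ConvertTo-SecureString $newPassword -AsPlainText -Force
$builtin | Set-LocalUser -Password $secure                             # Security log: event 4724

# 3. Prove the new credential works before the old one is discarded
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('Machine')
$ok  = $ctx.ValidateCredentials($builtin.Name, $newPassword)           # $false if the account is disabled
Write-Host "Rotated $($builtin.Name); credential check: $ok"

# 4. Hand the value to your vault. Stand-in here: DPAPI-protected to this user and machine only,
#    readable back with ConvertTo-SecureString, and NOT a substitute for central, audited storage.
New-Item -ItemType Directory -Path "$env:ProgramData\Corp" -Force | Out-Null
$secure | ConvertFrom-SecureString | Set-Content -Path "$env:ProgramData\Corp\$env:COMPUTERNAME-admin.txt"
```

The check in step 3 is the part most rotation scripts skip: a reset that silently failed, or a vault entry that was never written, is discovered at the worst possible time, when someone needs the account during an incident. On client editions the built-in Administrator is disabled by default, so `ValidateCredentials` returning `$false` there is expected; enable the account temporarily or test against a dedicated break-glass account instead.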
Schedule a demo or start a 30-day trial now.