Attivo Networks Comment: FBI, CISA, NSA Warn of Conti Ransomware Attacks
September 2021 by Tony Cole, Chief Technology Officer at Attivo Networks
Following the news of the FBI, CISA and NSA warning of escalating Conti ransomware attacks, Tony Cole, Chief Technology Officer at Attivo Networks, offers the following comment:
“2021 has seen a significant spike in ransomware attacks and the size of payout demands. The Verizon Data Breach Investigations Report (DBIR) says that ransomware attacks doubled in 2020, which doesn’t include the spate of attacks seen this year. Attackers are working overtime to compromise systems as quickly as possible, stealing data and encrypting critical systems to hold companies hostage for payment.
Adversaries continue to break into systems via simple phishing emails that compromise an initial endpoint. From there, it’s not that difficult for them to masquerade as a legitimate user using the credentials they stole from the initial incursion. With that user’s credentials, they conduct queries to find targets in the enterprise Active Directory system, steal more credentials with elevated privileges, and rinse and repeat until they have gained access to their target. Then, in the case of the 400 previous Conti victims, they can steal corporate data, encrypt systems, gain control over security settings, and begin the hostage process for a ransom.
To counter these challenges, organizations must understand that they can’t prevent all attacks. They must put in place systems that detect in-network lateral movement and credential misuse, look for privilege escalation, and protect identity management systems such as Active Directory. Without this visibility, we will continue to read about these large successful ransomware attacks for the foreseeable future.”
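The two detections the comment calls for, credential misuse and in-network lateral movement, can be prototyped from nothing more than authentication events. The following is an added example written for this page, not Attivo Networks code or anything from the advisory; the events, host names and per-account baseline are constructed, and the field names only loosely mirror Windows Security event 4624 (logon type 3 = network logon).

```python
"""Toy detections for the attack chain described above: a stolen credential
replayed from the initially compromised endpoint, then fanned out across
many hosts in a short window.

Added example: not Attivo Networks code. Events and baseline are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logon events (not real logs). logon_type follows Windows
# conventions: 2 = interactive, 3 = network (SMB, RPC, LDAP, WinRM ...).
SAMPLE_EVENTS = [
    {"ts": "2021-09-22T08:55:00", "user": "jdoe", "src": "WS-17", "dst": "WS-17", "logon_type": 2},
    {"ts": "2021-09-22T09:00:00", "user": "jdoe", "src": "WS-17", "dst": "FILESRV01", "logon_type": 3},
    {"ts": "2021-09-22T09:00:00", "user": "asmith", "src": "WS-22", "dst": "FILESRV01", "logon_type": 3},
    {"ts": "2021-09-22T09:02:00", "user": "jdoe", "src": "WS-17", "dst": "FILESRV02", "logon_type": 3},
    {"ts": "2021-09-22T09:03:00", "user": "jdoe", "src": "WS-17", "dst": "DC01", "logon_type": 3},
    {"ts": "2021-09-22T09:05:00", "user": "jdoe", "src": "WS-17", "dst": "APP01", "logon_type": 3},
    {"ts": "2021-09-22T09:06:00", "user": "jdoe", "src": "WS-17", "dst": "HR01", "logon_type": 3},
    # A service account's credential harvested on WS-17 and used from there:
    {"ts": "2021-09-22T09:07:00", "user": "svc_backup", "src": "WS-17", "dst": "DC01", "logon_type": 3},
    {"ts": "2021-09-22T09:30:00", "user": "asmith", "src": "WS-22", "dst": "FILESRV01", "logon_type": 3},
]

# Constructed baseline: endpoints each account normally authenticates from.
# In a real deployment this is learned from weeks of logon history.
BASELINE_SOURCES = {
    "jdoe": {"WS-17"},
    "asmith": {"WS-22"},
    "svc_backup": {"BACKUP01"},
}


def parse_events(raw):
    """Return a copy of the events with ts parsed, sorted by time."""
    parsed = [dict(e, ts=datetime.fromisoformat(e["ts"])) for e in raw]
    return sorted(parsed, key=lambda e: e["ts"])


def detect_lateral_movement(events, window=timedelta(minutes=10), max_hosts=3):
    """Flag accounts whose network logons reach more than max_hosts distinct
    destinations inside any sliding window. One alert per account."""
    by_user = defaultdict(list)
    for e in events:
        if e["logon_type"] == 3:
            by_user[e["user"]].append(e)

    alerts = []
    for user, evs in by_user.items():
        for i, start in enumerate(evs):  # evs is already time-ordered
            hosts = {e["dst"] for e in evs[i:] if e["ts"] - start["ts"] <= window}
            if len(hosts) > max_hosts:
                alerts.append({"user": user, "window_start": start["ts"], "hosts": sorted(hosts)})
                break
    return alerts


def detect_new_source_host(events, baseline):
    """Flag logons where an account is used from an endpoint outside its
    baseline: the signature of a credential lifted on one host and replayed.
    Accounts with no baseline at all are flagged on every logon."""
    return [
        (e["user"], e["src"], e["dst"])
        for e in events
        if e["src"] not in baseline.get(e["user"], set())
    ]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for a in detect_lateral_movement(evs):
        print(f"lateral movement: {a['user']} reached {a['hosts']} from {a['window_start']}")
    for user, src, dst in detect_new_source_host(evs, BASELINE_SOURCES):
        print(f"credential misuse: {user} used from {src} against {dst}")
```

The thresholds (ten minutes, three hosts) are placeholders; tune them against your own logon volume, and expect administrative jump hosts and vulnerability scanners to need their own baseline so they do not drown the signal.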