


Attivo Networks Comment: FBI, CISA, NSA Warn of Conti Ransomware Attacks

September 2021 by Tony Cole, Chief Technology Officer at Attivo Networks

Following the news of the FBI, CISA and NSA warning of escalating Conti ransomware attacks, Tony Cole, Chief Technology Officer at Attivo Networks, offers the following comment:

“2021 has seen a significant spike in ransomware attacks and the size of payout demands. The Verizon Data Breach Investigations Report (DBIR) says that ransomware attacks doubled in 2020, which doesn’t include the spate of attacks seen this year. Attackers are working overtime to compromise systems as quickly as possible, stealing data and encrypting critical systems to hold companies hostage for payment.

Adversaries continue to break into systems via simple phishing emails that compromise an initial endpoint. From there, it’s not that difficult for them to masquerade as a legitimate user using the credentials they stole from the initial incursion. With that user’s credentials, they conduct queries to find targets in the enterprise Active Directory system, steal more credentials with elevated privileges, and rinse and repeat until they have gained access to their target. Then, in the case of the 400 previous Conti victims, they can steal corporate data, encrypt systems, gain control over security settings, and begin the hostage process for a ransom.

To counter these challenges, organizations must understand that they can’t prevent all attacks. They must put in place systems that detect in-network lateral movement and credential misuse, look for privilege escalation, and protect identity management systems such as Active Directory. Without this visibility, we will continue to read about these large successful ransomware attacks for the foreseeable future.”
