Comment on Acer ransom demand set to double if not paid
March 2021 by Attivo Networks®
With the ransom demand to Acer set to double to $100 million if not paid in a couple of days (by the 28th), please see below for comment from security experts from Attivo Networks.
Venu Vissamsetty, VP security research at Attivo Networks:
“As evidenced by the recent SITA breach impacting the travel industry, today’s cyber attackers have become increasingly sophisticated with their tactics, which have grown in complexity. This evolution has several reasons, including lengthy dwell time that attackers are leveraging for their massive attacks and supply chain weaknesses where software is explicitly trusted.
"Attackers are quietly exploiting these weaknesses to change policies and create backdoors. Traditional security defenses that rely on signatures, logs, and database lookups can’t sufficiently detect lateral movement or imposters using real employee credentials. Additionally, security infrastructure has failed to detect vulnerabilities and attacks on critical infrastructure such as Active Directory. However, by focusing more on lateral movement, credential theft, and privilege escalation, organizations can still mitigate the pervasiveness of these attacks until they establish greater security.”
Carolyn Crandall, Chief Security Advocate at Attivo Networks:
"We have also seen a trend in these large scale attacks that is troubling. The compromise of Active Directory, which is the main nerve center of delivering services to employees and applications, is being used in every attack.
"Ransomware has become a global economic threat that impacts businesses of all sizes. Ransomware attackers are well resourced and equipped with sophisticated tools that used to be reserved for nation-state attackers. Many organisations are becoming victims like these universities, and are faced with difficult decisions on whether to pay or face disruption of operations.
"The situation is compounded by security defenders finding that they can no longer trust the software or security systems that they have historically relied on. A new approach to security architecture is desperately needed, though unfortunately, many security teams are not gaining the executive level support, resources, or budget to achieve it.”
"To stay protected, businesses must add layers of defense that include quickly detecting attacker lateral movement and privilege escalation. One of the fastest ways to better protect an organization is to obfuscate the attack surface with decoys and data concealment so that cybercriminals cannot find what they seek. A more sophisticated security posture would include adding in misdirections that channel the attackers' own momentum against them, further disrupting their ability to succeed and deterring the attack."