How To Protect Businesses Against A Series Of Cyber Attacks


As if the cyber landscape wasn’t complicated enough, predators are now feeding on companies that have already been targeted. Cybersecurity experts used to say: It’s not about if you will be attacked, but when. Now they say: It doesn’t matter when you’re attacked, but how often.

Brett Gallant, owner of Adaptive Office Solutions, a leading cybersecurity provider in Atlantic Canada, says: “Over the last few months, we’ve seen a noticeable increase in sophisticated phishing attempts. In the current environment, organizations need advanced, multi-layered cybersecurity plans to survive.”

In excerpts from a Strathroy article, they wrote: “It’s like there’s blood in the water. Like sharks sniffing out a meal, hackers from around the world are targeting compromised computer systems,” said Carmi Levy, a technology analyst based in London, Ontario, following the St. Mary’s cyberattack.

“Cybercriminals worldwide are focusing their efforts on geographic areas where previous attacks have been successful,” Levy said. “When a vulnerability is discovered by a cybercriminal, everyone flocks to the same room.”

As an excerpt from an article in The Register states: “Some of this falls to the organizations themselves, who too often fail to fix vulnerabilities and misconfigurations after the first attack, thereby opening the door to subsequent attacks.

Matt Wixey, Senior Threat Researcher at Sophos, said: “Some attacks happen simultaneously; others are separated by a few days, weeks, or months. Some involve different types of malware or duplicate – even triple – infections of the same type.”

In an incident on May 1st, after initial access was via a Remote Desktop Protocol (RDP) and Mimikatz was used to steal credentials, a company was hit by a Lockbit ransomware attack. Less than two hours later, a Hive ransomware partner attacked the same organization, and two weeks later, the organization was attacked a third time by a BlackCat ransomware group.”

In excerpts from a Sophos article, they wrote: “Multiple attacks not only make incident response more difficult, but also put additional pressure on victims – whether it’s more than one ransom demand or just the sheer technical difficulty of breaking away from two or more attacks to recover in a short time.”

Prevention for organizations

1. Update absolutely everything

Patching early is the best way to avoid future compromises — but it doesn’t mean you haven’t already been attacked. It’s always worth checking to see if your organization has been breached before patching.

2. Prioritize the worst bugs

Focus on two key elements: 1) critical bugs affecting your specific software stack, and 2) high-profile vulnerabilities that could impact your technology.

3. Be aware of your configurations

Misconfigurations—and failure to fix them after an attack—are the root cause of multiple exploits. Cryptominer operators, IABs and ransomware partners are always looking for exposed RDP and VPN ports.

4. Assume that other attackers have found your vulnerabilities

Threat actors do not operate in isolation and can resell or relist their products, and ransomware partners can use multiple strains – so one vulnerability or misconfiguration can lead to multiple threats.

5. Act quickly

Listing on a leak site may attract other, opportunistic threat actors. If you’re unfortunate enough to be hit by a ransomware attack, take immediate action with your security teams and incident response providers.

6. Ransomware cooperates

Many threat actors can continue to encrypt files even when other ransomware groups are on the same network—or work in a mutually beneficial way so that one group exfiltrates and the other encrypts.

7. Attackers open new backdoors

While closing the initial infection vector is crucial, it’s also worth considering a) other weaknesses and misconfigurations that could be used to gain entry and b) any new entry points that may have emerged.

Conclusion

In an increasingly crowded and competitive threat environment, the multiple attacker problem is likely to increase as more threat actors join and exploit the same targets.

Adaptive’s Brett Gallant said, “Enterprises can no longer rely solely on off-the-shelf cybersecurity solutions like antivirus software and firewalls. Cybercriminals are constantly developing new, sophisticated methods to hijack data, demand ransom payments, and steal identities.”

At Adaptive Office Solutions, cybersecurity is our specialty. We keep cybercrime at bay by using analytics, forensics and reverse engineering to prevent malware attempts and patch vulnerability issues. By investing in layered cybersecurity, you can leverage our expertise to strengthen your defenses, mitigate risk and protect your data.

To schedule your Cyber Security Risk Review, email us at [email protected]
