Another great piece by Catalin Cimpanu for ZDNet.
Again, we have to be right every single time. They only have to get lucky once.
In addition to my usual harping on the importance of protecting your infrastructure, I've posted a few (or a lot, relatively speaking) things on Illumio Edge lately, and on why securing your endpoints against lateral movement is important.
Telecom Argentina has suffered a massive ransomware attack, with an outage of services. Initial evidence pointed to the REvil guys, but others are questioning that, as the methodology doesn't match. Regardless, someone compromised a domain admin account through a phishing e-mail and used that account as a foothold for reconnaissance and then to infect an estimated 18,000 workstations.
The $7.5M ransom demand will double if it's not paid today. It is unclear whether TA will pay the ransom, as they have been extremely opaque on the matter, from the timing to the extent of the attack.
I've been digging through other articles, since I'm a bit fuzzy on what "workstations" means in this context: it seems, from posts on Twitter and other social media by Telecom Argentina employees, that critical infrastructure was badly damaged.
I'm waiting to see if TA pays the ransom, or how this all plays out.
This is a textbook case of why Zero Trust is so important at both the infrastructure and the endpoint level. In both cases, being able to say with confidence "this resource shouldn't be talking to that resource" is invaluable; when you can be confident that an enforced policy will block anomalous and unauthorized traffic, it can save you from a ransomware incident that costs millions of dollars in ransom and then millions more in lost productivity and customers.
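To make "this resource shouldn't be talking to that resource" concrete, here is an added example (my own illustration, not code from the post, from ZDNet, or from Illumio) of a default-deny segmentation policy evaluated against flow records. The subnets, roles, allow rules and the sample flows are all hypothetical and constructed for the example; the fan-out check flags a single source that is being denied to many peers, which is what a domain-admin foothold spraying SMB across 18,000 workstations looks like at the flow level.

```python
"""Default-deny segmentation policy evaluated against constructed flow records.

Everything here (subnets, roles, rules, sample flows) is hypothetical and
made up for this example; it is not any vendor's policy format.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int
    proto: str = "tcp"


# Hypothetical role labels for address ranges.
ROLES = {
    "workstation": [ip_network("10.10.0.0/16")],
    "dc":          [ip_network("10.20.0.0/24")],
    "fileserver":  [ip_network("10.30.0.0/24")],
}

# Hypothetical allow rules as (src_role, dst_role, port).
# Anything not listed here is denied: workstation-to-workstation SMB/RDP
# never appears, so lateral movement between peers is blocked by default.
ALLOW = {
    ("workstation", "dc", 88),          # Kerberos
    ("workstation", "dc", 389),         # LDAP
    ("workstation", "dc", 445),         # SYSVOL / group policy
    ("workstation", "fileserver", 445), # file shares
}


def role_of(ip: str):
    """Map an address to its role label, or None if it is in no known range."""
    addr = ip_address(ip)
    for role, nets in ROLES.items():
        if any(addr in net for net in nets):
            return role
    return None


def evaluate(flow: Flow) -> str:
    """Return 'allow' only for flows explicitly permitted; default is deny."""
    src, dst = role_of(flow.src), role_of(flow.dst)
    if src is None or dst is None:
        return "deny"  # unknown endpoints never get an implicit allow
    return "allow" if (src, dst, flow.port) in ALLOW else "deny"


def summarize(flows):
    """Count allow/deny decisions over a batch of flows."""
    counts = {"allow": 0, "deny": 0}
    for flow in flows:
        counts[evaluate(flow)] += 1
    return counts


def fan_out(flows, threshold=20):
    """Sources whose *denied* flows reach at least `threshold` distinct hosts.

    A single host being blocked on its way to many peers is the signature
    of reconnaissance or worm-style spreading, not a misconfigured app.
    """
    targets = defaultdict(set)
    for flow in flows:
        if evaluate(flow) == "deny":
            targets[flow.src].add(flow.dst)
    return {src: dsts for src, dsts in targets.items() if len(dsts) >= threshold}


# Constructed sample: one workstation doing normal AD/file-share traffic,
# then sweeping 40 peer workstations over SMB after being compromised.
SAMPLE = [
    Flow("10.10.1.5", "10.20.0.10", 88),
    Flow("10.10.1.5", "10.30.0.7", 445),
]
SAMPLE += [Flow("10.10.1.5", f"10.10.0.{i + 1}", 445) for i in range(40)]

if __name__ == "__main__":
    print(summarize(SAMPLE))
    for src, dsts in fan_out(SAMPLE).items():
        print(f"fan-out from {src}: {len(dsts)} denied peers")
```

The point of the check is not that the 41st SMB attempt gets caught; with an enforced default-deny policy the first one is already blocked, and the fan-out report exists so that the blocked attempts become an incident rather than quietly piling up in a log nobody reads.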
Zero Trust is a philosophy. It doesn't have to be hard, but it has to be planned for, budgeted, and then executed. It's not static; as the threat landscape changes, your posture should adapt and grow as well. Ransomware organizations are still likely to sell your data, even after you pay the ransom. It's their very nature, and I've got another post coming talking about just that.
Have a great day, readers!
According to a report from security firm Advanced Intel, for the past year the REvil gang has specialized in carrying out network-based intrusions, targeting unpatched networking equipment as the entry point into victim organizations before spreading laterally through a company's network.