Over the weekend, the REvil (Sodinokibi) ransomware group targeted Telecom Argentina, one of the country’s largest internet service providers. The group is now demanding $7.5 million in ransom, and that sum will supposedly double after three days. The incident did not cause any damage to the ISP’s customers, but the company’s official websites have been down since Saturday and 18,000 computers have been infected after the hackers gained control of an internal domain admin.
Mark Bagley, VP of Product, AttackIQ
July 21, 2020
This is likely to be one of the more expensive ransomware attacks this year. A security program that included network segmentation, preventing the lateral movement of an adversary, would have been decisive in mitigating this situation. Legacy approaches that focus on stopping an adversary at their initial attempts to access targets of interest will continue to fail. Companies must design their security programs to minimize the impact when an adversary successfully infiltrates their network. This control of lateral movement is imperative to preventing many other adversary behaviors. Preventing an adversary from using credentials harvested from one system elsewhere in the network - a technique called "credential stuffing" when automated - is one crucial way organizations can reduce the damage of an attack. Given the increases in sophistication and automation that have been observed in recent attacks, it’s not enough to address cyber threats as they happen. A proactive cybersecurity approach is vital and should include continuous testing of security posture to identify exposures and improve defenses before adversaries apply exploits to them.
