Ransomware attacks: Microsoft reveals 3 biggest security mistakes

Microsoft Security shared three main problems found during ransomware attacks.

Updated on: Dec 01 2022, 13:56 IST
93 percent of Microsoft investigations during ransomware recovery engagements revealed insufficient privilege access and lateral movement controls. (Unsplash)

Ransomware attacks are increasing year by year. Every other day there is news warning the public about threats to their personal data, which often lead to financial loss. Several cyber security firms and researchers are developing security protocols to improve cyber defence, yet ransomware and extortion attacks are becoming more audacious, targeting governments, businesses and critical infrastructure. Ransomware is a type of malware that locks users out of their files or their device; the attackers then demand payment to restore access.

Microsoft's investigations during ransomware recovery engagements revealed that 93 percent of the organizations attacked had insufficient privileged access and lateral movement controls. Cyber criminals take advantage of these security weaknesses, and their attacks share common patterns and techniques. To help organizations combat and prevent such attacks, Microsoft Security has identified three main problems that led to ransomware attacks.

Weak identity controls

Human-operated ransomware continues to evolve and employ credential theft and lateral movement methods traditionally associated with targeted attacks. In 88 percent of engagements identified by Microsoft, MFA was not implemented for sensitive and highly privileged accounts, leaving a security gap for attackers to compromise credentials and pivot further attacks using legitimate credentials.

Ineffective security operations

Organizations that suffered ransomware attacks had significant gaps in their security operations, tooling, and information technology asset lifecycle management. 68 percent of impacted organizations did not have an effective vulnerability and patch management process, and a high dependence on manual processes rather than automated patching left critical openings.

84 percent of impacted organizations did not enable integration of their multi-cloud environments into their security operations tooling. Lack of an effective response plan was a critical area observed in 76 percent of impacted organizations, preventing proper organizational crisis readiness and negatively impacting time to respond and recover.

Limited data protection

Many compromised organizations lacked proper data protection processes, severely affecting recovery times and their ability to return to business operations. Attackers usually compromise systems by exploiting vulnerabilities in the organization and then exfiltrate critical data for extortion, intellectual property theft or monetization. 92 percent of impacted organizations did not implement effective data loss prevention controls to mitigate these risks, leading to critical data loss.


First Published Date: 01 Dec, 13:55 IST