Sophos Introducing MTR In Real-Time due to Ryuk Ransomware

Jun 23, 2021


The institute lost a week's worth of critical research material as a result of the Ryuk attack because its backups were not fully up to date. The attack had a further operational impact: every computer and server had to be rebuilt from the ground up before the data could be restored. The hardest lesson, however, was learning that the attack and its consequences could have been averted if network access had been less trusting and more robust.

After a cyber-incident has been contained, the Rapid Response team examines the available logs and historical data to reconstruct the attackers' steps and the tools and techniques used at each stage. In this case, responders discovered that the attackers had achieved domain access and used it to deploy the Ryuk ransomware through a series of scheduled tasks. It wasn't until they traced the intrusion all the way back to the point of initial access that they recognized the attackers had got into the corporate network because of a single human error and security lapse.

Human error can occur in any organization; that this error was allowed to escalate into a full-fledged attack was due to the institute's lack of protective measures. At the heart of this was its approach to giving people outside the company access to the network. Students who work at the institute connect to the institute's network from their personal computers, using remote Citrix sessions that do not require two-factor authentication. The institute was exposed when one of these external university students decided they needed a personal copy of the data visualization software they were already using for work. An RDP connection also triggers the automatic installation of a printer driver, so that users can print documents remotely.
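To show how responders can work backwards from logs like the ones described here, the following is an added example (not code from Sophos or Comtech Systems) that correlates, over constructed sample events, a remote logon, the printer driver it auto-installed (flagged when the driver's language is one your user base is not expected to have) and the scheduled tasks the same account later created on several hosts. The event format, field names and the thresholds are assumptions made for the example.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs from the incident); the field names,
# values and the simplified event types are assumptions made for this example.
EVENTS = [
    {"ts": "2021-04-01T21:14:00", "type": "remote_logon",   "user": "student01", "src": "203.0.113.5"},
    {"ts": "2021-04-01T21:14:30", "type": "printer_driver", "user": "student01", "driver": "HP LaserJet (Русский)", "lang": "ru"},
    {"ts": "2021-04-02T09:00:00", "type": "remote_logon",   "user": "alice",     "src": "10.0.0.7"},
    {"ts": "2021-04-02T09:00:20", "type": "printer_driver", "user": "alice",     "driver": "HP LaserJet", "lang": "en"},
    {"ts": "2021-04-12T03:02:00", "type": "task_created",   "user": "student01", "task": "update1", "host": "DC01"},
    {"ts": "2021-04-12T03:02:05", "type": "task_created",   "user": "student01", "task": "update1", "host": "FS01"},
    {"ts": "2021-04-12T03:02:09", "type": "task_created",   "user": "student01", "task": "update1", "host": "WS07"},
]

EXPECTED_LANGS = {"en"}               # locales your user base's printers are expected to report
REDIRECT_GAP = timedelta(minutes=5)   # driver redirection follows the remote logon almost immediately
DWELL_WINDOW = timedelta(days=30)     # how far ahead to look for follow-on activity by that account

def _ts(event):
    return datetime.fromisoformat(event["ts"])

def find_suspicious_sessions(events, expected_langs=EXPECTED_LANGS):
    """Flag remote sessions whose auto-installed printer driver reports an unexpected
    language, then collect the hosts on which that account later created scheduled tasks."""
    events = sorted(events, key=_ts)
    logons = [e for e in events if e["type"] == "remote_logon"]
    findings = {}
    for e in events:
        if e["type"] != "printer_driver" or e["lang"] in expected_langs:
            continue
        # Pair the driver event with the same user's remote logon just before it.
        prior = [lg for lg in logons if lg["user"] == e["user"]
                 and timedelta(0) <= _ts(e) - _ts(lg) <= REDIRECT_GAP]
        if prior:
            findings[e["user"]] = {"src": prior[-1]["src"], "driver": e["driver"],
                                   "first_seen": _ts(e), "dwell_days": None, "task_hosts": set()}
    for e in events:
        f = findings.get(e["user"])
        if f and e["type"] == "task_created" and f["first_seen"] <= _ts(e) <= f["first_seen"] + DWELL_WINDOW:
            if f["dwell_days"] is None:  # days between the rogue session and its first task
                f["dwell_days"] = (_ts(e) - f["first_seen"]).days
            f["task_hosts"].add(e["host"])
    return {u: {**f, "task_hosts": sorted(f["task_hosts"])} for u, f in findings.items()}

if __name__ == "__main__":
    for user, f in find_suspicious_sessions(EVENTS).items():
        print(f"{user}: driver {f['driver']!r} via {f['src']}; scheduled tasks on "
              f"{f['task_hosts']} {f['dwell_days']} days later")
```

On the constructed data the only flagged account is student01, whose rogue session is followed ten days later by task creation on three hosts; the same correlation in a SIEM would surface an access-broker test connection well before the ransomware is dropped.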
From this printer driver installation, the Rapid Response investigation team was able to identify that the registered RDP connection used a Russian-language printer driver and was most likely a rogue connection. The Ryuk malware was released ten days after this connection was made.

“It's doubtful that the people behind the 'pirated software' malware are the same people behind the Ryuk attack,” said Peter Mackenzie, Sophos' manager of Rapid Response. “We assume the malware operators sold their access to another attacker, because the underground market for previously infected networks that give attackers simple initial access is growing. The access brokers could have been testing their access over the RDP connection.”

“Incident investigations are essential because they allow us to observe how an attack unfolded and assist targets in understanding and addressing future security holes. In this situation, the adoption of strong network authentication and access controls, as well as end-user education, may have averted the attack.”

Comtech Systems, a Sophos Firewall System Dealer, can handle your security operations with Sophos MTR and Rapid Response, using Sophos Rapid Response to deliver the finest protection for you. Comtech Systems, the best provider of cyber security services, can be reached with a single call; our team of experts is here to help you with any security troubles you may have. Sophos Dealers and Providers can guide you along your path towards complete online security. Comtech, as one of the finest Sophos Partners in Kerala, can provide you with all of the latest cybersecurity technology. More details on our Sophos pages.