It’s not a matter of if however when a company will face a cybersecurity incident. Incidents like what occurred to MGM Resorts after the ransomware teams ALPHV/BlackCat and Scattered Spider introduced methods down for days, inflicting extreme strains on income as a consequence of disrupted productiveness, misplaced enterprise throughout downtime, legal professional charges, and remediation prices.
Whereas inadequate data has been disclosed to know the complete extent of the MGM Resorts breach, in recent times now we have instantly witnessed a big shift within the techniques employed by extremely coordinated menace actor teams, akin to ALPHV/BlackCat. These teams are more and more prioritizing focusing on infrastructure over endpoints throughout our incident response engagements.
What can organizations do to stop turning into the following headline? Listed here are 5 areas to be careful for.
Improve assist desk procedures to incorporate video chats and picture IDs to confirm the authenticity of requests
The 2023 Data Breach Investigations Report by Verizon unveiled that in 74% of the reported breaches, a human issue performed a job, whether or not partially or solely, in inflicting the breach. The time period “human factor” encompasses numerous conditions, in the end pointing to human involvement in making a vulnerability, whether or not it’s deliberate or unintentional.
Current incidents, such because the breach at MGM Resorts, function stark reminders of the potential penalties of insufficient security measures.
On this explicit occasion, the menace actor reported that they monitored LinkedIn profiles to determine potential targets after which infiltrated the group by vishing or “voice phishing” the IT assist desk. They’ve been identified to make use of social engineering techniques focusing on people with solutions to validation questions generally utilized by the assistance desk.
Relying solely on textual content or electronic mail, and even voice calls, is not enough. ALPHV/BlackCat and different menace actor teams have even resorted to using voice impersonators, making it difficult to discern their true identification primarily based on accent or voice traits.
Organizations ought to replace assist desk procedures to incorporate measures like video chats and picture identification for verifying the identification of people looking for help.
Select multifactor authentication options properly
Multifactor authentication ought to be enabled at any time when potential, however make certain that your group is selecting its insurance policies and procedures properly.
