“This strategy, popularized by actors reminiscent of Cl0p via large-scale exploitation of third-party and supply chain vulnerabilities, is now being mirrored more extensively, alongside elevated abuse of legitimate accounts, legitimate administrative tools to blend into normal activity, and in some instances attempts to recruit or incentivize insiders to facilitate entry,” Mourtzinos says.
The evolving tradecraft of ransomware groups should prompt a rethink of defensive strategies.
“For CISOs, the priority must be strengthening identification controls, closely monitoring trusted applications and third-party integrations, and guaranteeing detection methods deal with persistence and information exfiltration activity,” Mourtzinos advises.



