This new honeypot is a follow-up to a previous successful honeypot, launched two years ago in 2018, that looked at the same industry. The honeypot was built to look like an electricity company with operations in Europe and North America.
The Cybereason team identified multiple attackers executing ransomware operations involving data theft, the theft of user credentials, and lateral movement across the victim’s network to compromise as many endpoints as possible. This includes critical assets like the domain controllers, which could take between several minutes and several hours to properly infiltrate. Ransomware capabilities were deployed early in the hacking operation, but the ransomware was not immediately detonated. It was designed to detonate only after the preliminary stages of the attack had finished across all compromised endpoints, in order to achieve maximum impact on the victim.
This operational attack pattern attempts to impact as many victim assets as possible, representing a higher risk to organisations compared to ransomware attacks that impact the single machine they initially access. However, this operational pattern also represents an opportunity for defenders with a rapid detection and response process to detect the attack at its early stages and respond effectively before ransomware is able to impact the environment.
Given the results of this research, Cybereason concludes that multistage ransomware attacks on critical infrastructure providers are increasingly dangerous and more prevalent.
Read the article online at: https://www.worldpipelines.com/business-news/11062020/cybereason-attacks-on-critical-infrastructure-are-increasingly-dangerous/