
"Routine mergers and acquisitions are giving extortionists an easy way in, with Akira affiliates reaching parent networks through compromised SonicWall gear inherited in the deal. In every Akira attack the threat detection firm analyzed between June and October that involved buggy SonicWall SSL VPN appliances, the ransomware operators gained access to the bigger, acquiring enterprises because they had already compromised the smaller companies' SonicWall gear."
"Besides having M&A in common, all of the Akira ransomware infections also shared these three things: zombie privileged credentials, default or predictable hostnames, and a lack of endpoint protection. So if you don't want to fall victim to this or other ransomware operations - especially if your company is undergoing mergers and acquisitions - make sure to close up those security gaps in your IT environment."
Mergers and acquisitions can transfer compromised SonicWall SSL VPN and firewall devices from smaller targets into acquiring enterprises, providing attackers a path into larger networks. Akira affiliates exploited buggy SonicWall firewalls and SSL VPN misconfigurations to access vulnerable devices and execute ransomware and data-stealing operations. Attack campaigns consistently leveraged zombie privileged credentials, default or predictable hostnames, and absent endpoint protection. After gaining network access via compromised SonicWall devices, attackers searched for privileged accounts moved during acquisition processes. Organizations undergoing acquisitions should inventory inherited devices, remediate vulnerabilities, reset credentials, and deploy endpoint protection to reduce ransomware exposure. Investigators declined to disclose incident counts.
Read at The Register