Microsoft Security shared three main problems found during ransomware attacks.
Ransomware attacks are increasing year by year! Every other day, there is some piece of news warning the public about the threat to their personal data which often leads to financial loss. However, several cyber security firms and researchers are coming up with security protocols to improve cyber defence. However, the threat of ransomware and extortion is becoming more audacious with attacks targeting governments, businesses, and critical infrastructure too. Ransomware is basically a type of malware that locks the user out of their files or their device and the hackers demand payment to restore access to information.
Microsoft conducted an investigation during ransomware recovery engagements which revealed that 93 percent of those who have been attacked have insufficient privilege access and lateral movement controls. The cyber criminals take advantage of these security weaknesses and share common attack patterns and techniques. Hence, to combat and prevent attacks of these ransomware techniques, Microsoft Security has identified three main problems that led to ransomware attacks.
Weak identity controls
Human-operated ransomware continues to evolve and employ credential theft and lateral movement methods traditionally associated with targeted attacks. In 88 percent of engagements identified by Microsoft, MFA was not implemented for sensitive and highly privileged accounts, leaving a security gap for attackers to compromise credentials and pivot further attacks using legitimate credentials.
Ineffective security operations
Organizations which suffered ransomware attacks have significant gaps in their security operations, tooling, and information technology asset lifecycle management. 68 percent of impacted organizations did not have an effective vulnerability and patch management process, and a high dependence on manual processes versus automated patching led to critical openings.
84 percent of impacted organizations did not enable integration of their multi-cloud environments into their security operations tooling. Lack of an effective response plan was a critical area observed in 76 percent of impacted organizations, preventing proper organizational crisis readiness and negatively impacting time to respond and recover.
Limited data protection
Many compromised organizations lacked proper data protection processes leading to a severe impact on recovery times and the capability to return to business operations. Attackers usually find their way to compromise systems via exploiting vulnerabilities in the organization, exfiltrating critical data for extortion, intellectual property theft, or monetization. 92 percent of impacted organizations did not implement effective data loss prevention controls to mitigate these risks, leading to critical data loss.