The attack began when an employee inadvertently downloaded SectopRAT malware while interacting with a fake security prompt on a compromised website. Over 42 days, the attackers abused multiple privileged accounts, moved laterally over RDP, SSH and SMB, and eventually exfiltrated nearly one terabyte of sensitive data. The final ransomware deployment brought operations to a complete halt across three separate networks.
Although the company ran two endpoint detection and response (EDR) solutions, critical malicious activity went unnoticed because it generated too few alerts to stand out. The attackers deleted backup storage containers and still traversed the organization's infrastructure without being detected. A thorough investigation by Palo Alto Networks Unit 42 reconstructed the attack and helped lower the ransom demand significantly, underscoring the importance of vigilant monitoring and alerting in security operations.
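Two of the gaps named above, privileged accounts fanning out over RDP/SMB to many hosts and the deletion of backup storage containers, are cheap to alert on. The following is an added illustration written for this page, not code from the article, from Unit 42 or from the victim's EDR tooling. It runs two simple detection rules over a constructed, hypothetical event list; the field names, the Windows logon-type convention (3 = network/SMB, 10 = RemoteInteractive/RDP) and the thresholds are assumptions chosen for the example, not values taken from the incident.

```python
"""Added example (not from the original article): two detection rules over
constructed log events. Field names, thresholds and the sample data are
assumptions for illustration only."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. logon_type follows Windows event 4624:
# 2 = interactive, 3 = network (SMB), 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = [
    {"ts": "2024-04-30T10:00:00", "kind": "logon", "user": "CORP\\svc_backup", "host": "OLD01", "logon_type": 10},
    {"ts": "2024-05-01T01:00:00", "kind": "logon", "user": "CORP\\svc_backup", "host": "FS01", "logon_type": 10},
    {"ts": "2024-05-01T01:05:00", "kind": "logon", "user": "CORP\\svc_backup", "host": "FS02", "logon_type": 3},
    {"ts": "2024-05-01T01:10:00", "kind": "logon", "user": "CORP\\svc_backup", "host": "FS03", "logon_type": 3},
    {"ts": "2024-05-01T01:15:00", "kind": "logon", "user": "CORP\\jdoe", "host": "WS042", "logon_type": 2},
    {"ts": "2024-05-01T01:16:00", "kind": "logon", "user": "CORP\\jdoe", "host": "FS01", "logon_type": 3},
    {"ts": "2024-05-01T01:20:00", "kind": "logon", "user": "CORP\\svc_backup", "host": "DC01", "logon_type": 10},
    {"ts": "2024-05-01T01:30:00", "kind": "logon", "user": "CORP\\svc_backup", "host": "APP01", "logon_type": 3},
    {"ts": "2024-05-01T02:00:00", "kind": "storage_op", "user": "CORP\\svc_backup", "op": "PutBlob", "container": "backups-prod"},
    {"ts": "2024-05-01T02:05:00", "kind": "storage_op", "user": "CORP\\svc_backup", "op": "DeleteContainer", "container": "backups-prod"},
    {"ts": "2024-05-01T02:06:00", "kind": "storage_op", "user": "CORP\\svc_backup", "op": "DeleteContainer", "container": "tmp-cache"},
]


def parse_ts(s):
    return datetime.fromisoformat(s)


def detect_fan_out(events, max_hosts=3, window=timedelta(hours=1), lateral_types=(3, 10)):
    """Return {user: sorted hosts} for accounts that reach more than max_hosts
    distinct hosts via network/RDP logons inside any sliding time window.
    Interactive (type 2) logons are ignored so normal desktop use does not count."""
    per_user = defaultdict(list)
    for e in events:
        if e["kind"] == "logon" and e["logon_type"] in lateral_types:
            per_user[e["user"]].append((parse_ts(e["ts"]), e["host"]))
    hits = {}
    for user, items in per_user.items():
        items.sort()  # chronological, so items[i:] are all at or after t0
        for i, (t0, _) in enumerate(items):
            hosts = {h for t, h in items[i:] if t - t0 <= window}
            if len(hosts) > max_hosts:
                hits[user] = sorted(hosts)
                break
    return hits


def detect_backup_deletion(events):
    """Flag delete operations against containers whose name marks them as backups.
    Writes to the same container (e.g. PutBlob) are routine and are not flagged."""
    return [
        e for e in events
        if e["kind"] == "storage_op"
        and e["op"] == "DeleteContainer"
        and "backup" in e["container"].lower()
    ]


if __name__ == "__main__":
    for user, hosts in detect_fan_out(SAMPLE_EVENTS).items():
        print(f"ALERT lateral fan-out: {user} -> {', '.join(hosts)}")
    for e in detect_backup_deletion(SAMPLE_EVENTS):
        print(f"ALERT backup container deleted: {e['container']} by {e['user']} at {e['ts']}")
```

The window matters: svc_backup touches six hosts overall, but only the five reached within the same hour trip the rule, while the earlier logon to OLD01 the previous day does not contribute. Raising `max_hosts` to 5 silences the fan-out alert entirely, which is the kind of tuning that turns an EDR's "insufficient alert generation" into a blind spot; the backup-deletion rule has no such threshold and should fire on a single event.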
👉 Read the original: Cyber Security News