{"id":785718,"date":"2024-08-06T08:50:06","date_gmt":"2024-08-06T06:50:06","guid":{"rendered":"https:\/\/businesstech.co.za\/news\/?p=785718"},"modified":"2024-08-06T08:50:11","modified_gmt":"2024-08-06T06:50:11","slug":"human-operated-ransomware-your-business-next-cyber-threat","status":"publish","type":"post","link":"https:\/\/businesstech.co.za\/news\/industry-news\/785718\/human-operated-ransomware-your-business-next-cyber-threat\/","title":{"rendered":"Human-operated ransomware &#8211; Your business\u2019 next cyber threat"},"content":{"rendered":"\n<p><em>By Armand Kruger, Head of Cyber Security, NEC XON<\/em><\/p>\n\n\n\n<p>Ransomware attacks are a well-known threat, but human-operated ransomware (HOR) has emerged as an especially insidious danger.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/www.nec.africa\/?utm_source=BusinessTech&amp;utm_medium=Article&amp;utm_term=August+2024\" target=\"_blank\" rel=\"noreferrer noopener\">Click here to learn how NEC XON can help you protect against human-operated ransomware.<\/a><\/strong><\/li>\n<\/ul>\n\n\n\n<p>Unlike automated ransomware, HOR uses a methodical and strategic approach by a human operator.&nbsp;<\/p>\n\n\n\n<p>This form of ransomware is increasing, too, as <strong><a href=\"https:\/\/cdn-dynmedia-1.microsoft.com\/is\/content\/microsoftcorp\/microsoft\/final\/en-us\/microsoft-brand\/documents\/MDDR-executivesummary-Oct2023.pdf?utm_source=BusinessTech&amp;utm_medium=Article&amp;utm_term=August+2024\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft researchers<\/a><\/strong> noted a 200% increase in HOR attacks between September 2022 and October 2023.\u00a0<\/p>\n\n\n\n<p>The severity of HOR is exemplified by the attack on <strong><a href=\"https:\/\/www.upguard.com\/blog\/what-caused-the-medibank-data-breach?utm_source=BusinessTech&amp;utm_medium=Article&amp;utm_term=August+2024\" target=\"_blank\" rel=\"noreferrer noopener\">Medibank<\/a><\/strong>, where 9.7 
million customers&#8217; data was stolen.\u00a0<\/p>\n\n\n\n<p>To help businesses protect themselves, we explore HOR&#8217;s distinctions, dangers, and defence strategies.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What sets human-operated ransomware apart?<\/h2>\n\n\n\n<p>HOR attacks start long before the ransomware is deployed.&nbsp;<\/p>\n\n\n\n<p>Operators must first infiltrate a network and establish a foothold using compromised credentials harvested through phishing campaigns, exploiting vulnerable internet-facing systems, or sending malicious emails.&nbsp;<\/p>\n\n\n\n<p>These operators target internet-facing authentication systems that lack multi-factor authentication (MFA) and attempt to exploit these vulnerable systems.&nbsp;<\/p>\n\n\n\n<p>The key difference between HOR and automated attacks is the hands-on involvement of skilled cybercriminals who adjust their tactics in real-time, responding to defensive measures.&nbsp;<\/p>\n\n\n\n<p>Attackers sometimes spend weeks or months within a network, conducting reconnaissance and positioning themselves for the final ransomware deployment.&nbsp;<\/p>\n\n\n\n<p>They are indistinguishable from competent IT professionals, making detection and prevention challenging.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Identifying early signs of human-operated ransomware<\/h2>\n\n\n\n<p>To defend against HOR, businesses must adopt a proactive stance, continually monitoring for signs of intrusion.&nbsp;<\/p>\n\n\n\n<p>Early indicators of a HOR attack include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Unusual login patterns<\/li>\n\n\n\n<li>Unauthorised access attempts<\/li>\n\n\n\n<li>Unexplained system configuration changes<\/li>\n\n\n\n<li>Unusual tools &amp; files on servers<\/li>\n<\/ul>\n\n\n\n<p>Detecting compromised credentials early is crucial.\u00a0<\/p>\n\n\n\n<p>Immediate action, such as changing passwords, limiting access, enforcing MFA on all internet-facing services and reducing the number of 
internet-facing systems can hinder the attacker&#8217;s opportunities.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Building robust defences against human-operated ransomware<\/h2>\n\n\n\n<p>NEC XON helps customers defend against HOR using anticipation, prevention, detection, and brutal response. Key defences include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cyberthreat anticipation<\/strong> &#8211; Regular external reconnaissance to identify potential adversarial intrusion points.\u00a0<\/li>\n\n\n\n<li><strong>Preventative measures<\/strong> &#8211; Implementing strong access controls and minimising internet-exposed systems.<\/li>\n\n\n\n<li><strong>Detection systems<\/strong> &#8211; Deploying advanced monitoring tools to identify unusual activities early with decisive incident response actions.<\/li>\n\n\n\n<li><strong>Adversarial tactics understanding<\/strong> &#8211; Training security teams to recognize and neutralise sophisticated threats.<\/li>\n<\/ul>\n\n\n\n<p>Businesses must respond swiftly to any indication of HOR activity, isolating and neutralising suspicious accounts by disabling and changing credentials to disrupt the attacker\u2019s access.<\/p>\n\n\n\n<p>NEC XON has extensive experience helping businesses thwart HOR attacks through swift responses.&nbsp;<\/p>\n\n\n\n<p>For instance, an African government entity regained control after NEC XON methodically identified and eliminated the threat actor&#8217;s access points, isolating and addressing every vulnerability.<\/p>\n\n\n\n<p>Employee awareness and training are also crucial in mitigating HOR risks.&nbsp;<\/p>\n\n\n\n<p>Educating privileged employees such as IT administrators on recognizing early signs of HOR and suspicious activities reduces the success rate of adversaries by allowing the cyber team to respond rapidly.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Common vulnerabilities, recovery, and future prevention<\/h2>\n\n\n\n<p>HOR attackers typically abuse 
third-party data leaks, weak passwords, lack of MFA, and unpatched internet-facing systems.&nbsp;<\/p>\n\n\n\n<p>Businesses can address these by implementing regular external reconnaissance of their perimeter, limiting internet-facing systems and implementing a comprehensive privileged access strategy with MFA.<\/p>\n\n\n\n<p>For businesses that have fallen victim to HOR, the recovery process involves regaining control of compromised systems and closing security gaps.&nbsp;<\/p>\n\n\n\n<p>Quick action, effective stakeholder communication, and rigorous crisis management are essential.<\/p>\n\n\n\n<p>HOR represents a formidable challenge, requiring a proactive and multi-layered defence strategy.&nbsp;<\/p>\n\n\n\n<p>Continuous vigilance, employee training, and a swift, decisive response to any signs of intrusion are key to protecting businesses from HOR&#8217;s devastating impact.&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The alarming rise of human-operated ransomware poses a major threat to your 
organisation.<\/p>\n","protected":false},"author":57,"featured_media":785719,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10459],"tags":[20349,15232,20348],"class_list":["post-785718","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-industry-news","tag-human-operated-ransomware","tag-nec-xon","tag-ransomware-attacks"],"_links":{"self":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts\/785718","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/users\/57"}],"replies":[{"embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/comments?post=785718"}],"version-history":[{"count":1,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts\/785718\/revisions"}],"predecessor-version":[{"id":785720,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts\/785718\/revisions\/785720"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/media\/785719"}],"wp:attachment":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/media?parent=785718"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/categories?post=785718"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/tags?post=785718"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}