Microsoft says Medusa-linked Storm-1175 is speeding ransomware attacks

Keith Prabhu – Founder and CEO has been quoted in the article below.

Here are some of his key inputs:

Ransomware actors like Storm-1175 have an implicit advantage that they can target victims pretty quickly after n-day vulnerabilities are disclosed. Further, due to the speed at which ransomware can be created using tools like AI, ransomware actors have a head start. On the other hand, enterprises have to follow a time consuming process to test and deploy patches so that their technology stack does not break. This leave open a window of opportunity for ransomware actors to exploit.

Today’s enterprise systems are complex with several surface attack vulnerabilities. Most internet-exposed systems use opensource libraries which also need to be tracked and patched in a timely manner. A smart attacker like Storm-1175 can quickly fingerprint such systems and develop custom attacks chaining multiple exploits. Efficient Patch Management of this complex technology stack is the biggest weakness in enterprise attack surface management today, especially for internet-exposed systems.

Further, defending against use of zero-day vulnerabilities is a tall order. Going back to the basics of security is key to managing the pre-patch window risks. The key aspects to manage here are defence in depth, patch management, incidence response, backup and disaster recovery. If you take care of these “routine” and “mundane” tasks, they will find it easier to hand zero-day attacks.

https://www.csoonline.com/article/4154934/microsoft-says-medusa-linked-storm-1175-is-speeding-ransomware-attacks.html