CEOs: your main exposure to ransomware comes from the ease of spreading within an organization, getting "domain admin". Just hire a pentester, give them an account on a typical employee desktop, and ask them to get domain admin.
"DarkSide" is simply a bunch of standard pentesters. They are doing the same sorts of things like running mimikatz. They'll find simple errors. Hire pentesters, give them a standard employee desktop, watch how they spread and get admin credentials.
I hate simple proscriptions like "just use multifactor authentication". Your problems might be different. For example, maybe your problem is that you've got the same local admin credentials in the image for all your desktop builds.
I hate all simple proscriptions because you can become compliant with them while missing the entire point. "Oh, it's just an IAM issue". Well, no, that's like saying rocket engines are just a "fuel burning" issue. There's important details on just HOW this is done.
RDP is an incredibly common entry point. I can come up with glib proscriptions on how to secure it -- but that's not enough. I need to first understand what value to get from RDP and how to secure it while preserving that value. https://twitter.com/uncl3dumby/status/1391824084757925892
Lack of network segmentation is HUGE, with a lot of bang for little buck. I see a lot of resistance to it. I'm not sure if the reason is because I don't understand their concerns, or if they don't understand the value/costs. (I shouldn't assume the latter) https://twitter.com/haroldsmith3rd/status/1391824687685120001