So how does ransomware fit into Active Directory security?
So ransomware, I like to say, is like natural disasters or shuttle launches in the news. No one's really paying attention. But they're still happening. And ransomware is still out there.
What we're seeing, though, is that cyber criminals aren't going for the masses anymore. They're targeting their approach. I like to call it account-based ransomware campaigns.
And SamSam is a perfect example. Over the last three years, this variant has netted the cybersecurity gang behind it $6 million. And in 2018, they targeted 67 organizations. So this isn't a spray-and-pray approach used by entry-level hackers. This is meticulous research and exploiting known vulnerabilities at their target sites, and using stolen credentials from spear phishing.
I mentioned earlier that they're weaponizing artificial intelligence to help increase their spear phishing rate, from 1% all the way up to 20% effectiveness. And they're pairing ransomware with other tools, like Mimikatz, to steal account log-in information from memory and other known hacking exploits to create self-propagating worms that target entire networks, even the backups.
And so for organizations, we recommend that they take a least-privileged model approach to Active Directory security, and understand exactly who has access to what. And they should also apply threat detection on top of that, so that they can spot this suspicious activity and stop it in its tracks.
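The two recommendations at the end of the interview, knowing exactly who holds privileged access and putting detection on top of it, can be turned into a small audit-and-detect script. The example below is added here and is not part of the interview or of any product the speaker represents. It assumes a constructed approved roster of privileged group members, a constructed membership export (the kind of flattened list you would get from a recursive group-membership query), and constructed security-log lines in a simplified `EventID=... Account=... Host=...` format; the Windows event IDs it keys on are the real ones (4672, special privileges assigned to a new logon; 4624 with logon type 3, a network logon), but the log line layout and all names and hosts are made up for the example.

```python
"""Privileged-access drift audit plus two detection rules over sample log lines.

Added example, not code from the interview. All rosters, exports and log lines
below are constructed sample data.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed roster: who is *supposed* to hold each privileged group.
APPROVED_PRIVILEGED = {
    "Domain Admins": {"alice.admin", "bob.admin"},
    "Enterprise Admins": {"alice.admin"},
    "Backup Operators": {"svc-backup"},
}

# Constructed membership export, flattened to (group, account) pairs.
MEMBERSHIP_EXPORT = [
    ("Domain Admins", "alice.admin"),
    ("Domain Admins", "bob.admin"),
    ("Domain Admins", "carol"),        # drift: a standard user holds DA
    ("Enterprise Admins", "alice.admin"),
    ("Backup Operators", "svc-backup"),
    ("Backup Operators", "carol"),     # drift: can reach the backups
]

# Constructed security-log lines in an assumed simplified format.
EVENTS = [
    "2024-05-01T02:10:05 EventID=4672 Account=alice.admin Host=DC01",
    "2024-05-01T02:11:40 EventID=4672 Account=carol Host=FS01",
    "2024-05-01T02:12:01 EventID=4624 LogonType=3 Account=carol Host=FS01",
    "2024-05-01T02:12:07 EventID=4624 LogonType=3 Account=carol Host=FS02",
    "2024-05-01T02:12:13 EventID=4624 LogonType=3 Account=carol Host=WS17",
    "2024-05-01T02:12:19 EventID=4624 LogonType=3 Account=carol Host=BKP01",
    "2024-05-01T09:00:00 EventID=4624 LogonType=2 Account=bob.admin Host=WS03",
]

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<event_id>\d+)"
    r"(?: LogonType=(?P<logon_type>\d+))?"
    r" Account=(?P<account>\S+) Host=(?P<host>\S+)$"
)


def audit_privileged_membership(export, approved):
    """Return {group: {accounts}} for every member not on the approved roster."""
    drift = {}
    for group, account in export:
        if account not in approved.get(group, set()):
            drift.setdefault(group, set()).add(account)
    return drift


def parse_event(line):
    """Parse one assumed-format log line into a dict, or None if it doesn't match."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": datetime.fromisoformat(d["ts"]),
        "event_id": int(d["event_id"]),
        "logon_type": int(d["logon_type"]) if d["logon_type"] else None,
        "account": d["account"],
        "host": d["host"],
    }


def detect(lines, approved, fanout_threshold=4, window=timedelta(minutes=5)):
    """Two rules: privileged logon by an unapproved account, and network-logon
    fan-out (one account reaching many distinct hosts inside the window), which
    is the pattern a self-propagating worm leaves behind."""
    allowed = set().union(*approved.values())
    alerts = []
    recent = defaultdict(list)      # account -> [(ts, host)] within the window
    fanout_alerted = set()          # alert once per account, not per logon
    events = [e for e in map(parse_event, lines) if e]
    events.sort(key=lambda e: e["ts"])
    for e in events:
        if e["event_id"] == 4672 and e["account"] not in allowed:
            alerts.append(("privileged-logon-unapproved", e["account"], e["host"]))
        if e["event_id"] == 4624 and e["logon_type"] == 3:
            hist = recent[e["account"]]
            hist.append((e["ts"], e["host"]))
            hist[:] = [(t, h) for t, h in hist if e["ts"] - t <= window]
            hosts = {h for _, h in hist}
            if len(hosts) >= fanout_threshold and e["account"] not in fanout_alerted:
                fanout_alerted.add(e["account"])
                alerts.append(("network-logon-fanout", e["account"], ",".join(sorted(hosts))))
    return alerts


if __name__ == "__main__":
    for group, accounts in audit_privileged_membership(MEMBERSHIP_EXPORT, APPROVED_PRIVILEGED).items():
        print(f"DRIFT  {group}: {', '.join(sorted(accounts))}")
    for rule, account, detail in detect(EVENTS, APPROVED_PRIVILEGED):
        print(f"ALERT  {rule}: {account} ({detail})")
```

The audit half answers "who has access to what" by diffing the live export against an approved roster, so any account that gains Domain Admins or Backup Operators outside of the change process shows up as drift. The detection half keys on the same roster: a 4672 for an account that should never hold special privileges is the earliest signal that stolen credentials are being used, and the fan-out rule catches one account touching several hosts in a few minutes, including the backup server, before the encryption stage. On a real domain you would feed it the output of a recursive group-membership query and your SIEM's 4624/4672 stream rather than the constructed lists above.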