They thought they were all set. They patched the Exchange Server. They ran Microsoft’s testing script to find out whether the server had been exploited. Nope, the test concluded, you’re clean as a whistle. So how did this unnamed organization wind up having been exploited via ProxyLogon?
“It turns out that they were using an earlier version of that testing script,” SophosLabs Principal Researcher Andrew Brandt recounted about a cyberattack SophosLabs was called in to help out with. “And when they updated it to a later version, it actually showed, ‘Oh, no, you’ve actually been exploited.’”
How aggravating, and how damaging, a minor slip like that can be. Thought you were patched? Sorry, you were wrong. It’s just one real-life example of the myriad missteps organizations make that set them up for a ransomware attack. As the old adage goes: Defenders have to be right 100 percent of the time, but the attackers just need one time out of a million to sneak in.
In this episode of Threatpost Podcast, I had the pleasure of chatting with Brandt about what makes organizations sitting ducks for ransomware threat actors, what steps could help them to protect themselves, and what’s stopping them from implementing those steps. Make sure to check out his latest report, “Relentless REvil, revealed: RaaS as variable as the criminals who use it.”