CIO OPINION
credentials through phishing campaigns or exploiting third-party data breaches. Attackers often target Internet-facing authentication systems, such as VPNs, which frequently lack multi-factor authentication.
The distinction between human-operated ransomware and automated attacks lies in the hands-on involvement of skilled cybercriminals. Unlike automated attacks that rely on pre-set instructions, human operators can adjust their tactics on the fly, responding to defensive measures taken by the target.
They possess a deep understanding of IT environments and exploit this knowledge to maximise their impact. They plan ahead, exercise patience, explore corporate IT estates to gain as much control as possible and adapt to detection efforts in real time, making them significantly more disruptive and challenging to neutralise.
Attackers typically spend weeks or even months within a network, conducting reconnaissance and positioning themselves for the final, devastating ransomware deployment. This extended presence allows them to identify and exploit critical vulnerabilities, making it difficult for businesses to detect and eliminate the threat before significant damage is done.
To defend against human-operated ransomware, businesses must adopt a proactive stance, continually monitoring for signs of intrusion. This means placing themselves in the mindset of a threat actor and rigorously examining their own systems for vulnerabilities.
Early indicators of a human-operated ransomware attack can include:
• Unusual login patterns
• Unauthorised access attempts
• Unexplained changes in system configurations
One of the most effective early warning signs is the detection of compromised credentials. If credentials are found to be compromised, immediate action should be taken to change passwords and limit further access. Minimising the number of Internet-facing systems can also reduce the avenues available to attackers, making it harder for them to exploit compromised credentials.
Specialised partners can help customers defend against human-operated ransomware using anticipation, prevention, detection, and brutal response:
• Cyberthreat anticipation capability: Regular reconnaissance to identify potential threats.
• Preventative measures: Implementing strong access controls and minimising exposed systems.
• Detection systems: Deploying advanced monitoring tools to identify unusual activities early.
• Adversarial tactics understanding: Training a team capable of recognising and neutralising sophisticated threats.
Businesses must respond swiftly and decisively, even brutally, to any indication of human-operated ransomware activity. This includes isolating and neutralising suspicious or compromised accounts, often by disabling and changing credentials multiple times to disrupt the attacker's access. By removing the attacker's tools and access, businesses can effectively remove the oxygen needed for the ransomware to spread.
Employee awareness and training play crucial roles in mitigating the risks of human-operated ransomware. Attackers often begin with unauthorised access, followed by situational awareness and lateral movement within the network. By educating employees on recognising phishing attempts and suspicious activities, businesses can reduce the risk of initial compromise.
Human-operated ransomware attackers exploit various vulnerabilities, such as weak passwords, lack of multi-factor authentication, and unpatched systems. Businesses can address these by implementing robust security practices, including regular software updates, strong password policies, and comprehensive access controls.
For businesses that have already fallen victim to human-operated ransomware, but have not had the
www.intelligentcio.com INTELLIGENTCIO AFRICA 39