Incidents impacting retailers – recommendations from the National Cyber Security Centre

Cyber criminality, including extortion and ransomware, is one of the most pervasive cyber threats facing UK organisations. It affects organisations of all sizes, from the largest to the very smallest. No one is immune from this threat. It is both opportunistic and indiscriminate.

Criminals continue to adapt their business models to gain efficiencies and maximise profits, including a clear shift towards ‘ransomware as a service’, where criminals – often with comparatively little technical knowledge or skill – are able to launch attacks using pre-developed tools. This includes tailoring their methods of attack depending on what is most likely to yield the most significant payments.

The National Cyber Security Centre (NCSC) is working with organisations affected by the recent incidents to understand the nature of the attacks and to minimise the harm done by them, and is providing advice to the wider sector and economy.

As well as following NCSC guidance on Mitigating malware and ransomware attacks, organisations are strongly encouraged to:

  • ensure 2-step verification (multi-factor authentication) is deployed comprehensively
  • enhance monitoring against unauthorised account misuse; for example, looking for ‘risky logins’ within Microsoft Entra ID Protection, where sign-in attempts have been flagged as potentially compromised due to suspicious activity or unusual behaviour, especially where the detection type is 'Microsoft Entra Threat intelligence'
  • pay specific attention to Domain Admin, Enterprise Admin, Cloud Admin accounts, and check if access is legitimate
  • review helpdesk password reset processes, including how the helpdesk authenticates staff members' credentials before resetting passwords, especially those with escalated privileges
  • ensure your security operation centres can identify logins from atypical sources such as VPN services in residential ranges through source enrichment and similar
  • ensure that you have the ability to consume techniques, tactics and procedures sourced from threat intelligence rapidly whilst being able to respond accordingly
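
One way to prioritise the monitoring points in the list above, added here as an example and not NCSC or Microsoft code. The records are constructed; the field names and the `investigationsThreatIntelligence` value assume an export shaped like the Microsoft Graph riskDetection resource, and the privileged-account set and IP enrichment table are hypothetical.

```python
import ipaddress

# Constructed sample records. Field names assume the Microsoft Graph
# riskDetection resource; map them to whatever your own export uses.
DETECTIONS = [
    {"userPrincipalName": "alice@example.test", "riskLevel": "low",
     "riskEventType": "unfamiliarFeatures", "ipAddress": "192.0.2.10"},
    {"userPrincipalName": "da-bob@example.test", "riskLevel": "high",
     "riskEventType": "investigationsThreatIntelligence", "ipAddress": "198.51.100.7"},
    {"userPrincipalName": "carol@example.test", "riskLevel": "medium",
     "riskEventType": "anonymizedIPAddress", "ipAddress": "203.0.113.44"},
]
# Hypothetical inputs: privileged accounts and an IP enrichment table.
PRIVILEGED = {"da-bob@example.test"}
ENRICHMENT = {"203.0.113.0/24": "vpn-residential", "198.51.100.0/24": "hosting"}
LEVEL = {"low": 1, "medium": 2, "high": 3}

def enrich(ip, table=ENRICHMENT):
    """Label a source address from the enrichment table, or 'unknown'."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # missing or malformed address in the record
        return "unknown"
    for cidr, label in table.items():
        if addr in ipaddress.ip_network(cidr):
            return label
    return "unknown"

def triage(detections, privileged=PRIVILEGED):
    """Score each detection and return findings, highest priority first."""
    findings = []
    for d in detections:
        score = LEVEL.get(str(d.get("riskLevel", "")).lower(), 0)
        reasons = []
        if d.get("riskEventType") == "investigationsThreatIntelligence":
            score += 3
            reasons.append("threat-intelligence detection")
        if str(d.get("userPrincipalName", "")).lower() in privileged:
            score += 3
            reasons.append("privileged account")
        source = enrich(d.get("ipAddress", ""))
        if source == "vpn-residential":
            score += 2
            reasons.append("residential VPN source")
        findings.append({"user": d.get("userPrincipalName"), "score": score,
                         "source": source, "reasons": reasons})
    return sorted(findings, key=lambda f: f["score"], reverse=True)
```
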

Criminal activity online – including, but not limited to, ransomware and data extortion – is rampant. Attacks like this are becoming more and more common. And all organisations, of all sizes, need to be prepared.

Find out more by selecting the following link: Incidents impacting retailers – recommendations from the NCSC - NCSC.GOV.UK 
