Attivo Comment: Sinclair Broadcast Group Victims of Ransomware Attack
October 2021 by Tony Cole, CTO at Attivo Networks
Following the recent news that the U.S. broadcasting parent company Sinclair Broadcast Group was the victim of a ransomware attack, Tony Cole, CTO at Attivo Networks, offers the following comment:
“Ransomware is a fast and lucrative method of attack. It’s not that difficult for cybercriminals to masquerade as a legitimate user using the credentials they stole from the initial incursion. With that user’s credentials, they conduct queries to find targets in the enterprise Active Directory system, steal more credentials with elevated privileges, and rinse and repeat until they have gained access to their target. Then, in the case of Sinclair Broadcast Group, they can steal corporate data, encrypt systems, gain control over security settings, and begin the hostage process for a ransom.
To counter these challenges, organizations must understand that they can’t prevent all attacks. They must put in place systems that detect in-network lateral movement and credential misuse, look for privilege escalation, and protect identity management systems such as Active Directory. Without this visibility, we will continue to read about these large successful ransomware attacks for the foreseeable future.”