Accenture Ransomware Attack – Experts Comments

BACKGROUND:

VX underground is claiming that Accenture has been attacked by the Lockbit ransomware group, having left sensitive data exposed, and that Lockbit intends to leak the data. Further, cybersecurity researchers with Hudson Rock have disclosed findings of compromised Accenture and partner computers.

Subscribe
Notify of
guest

3 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Steven Hope
Steven Hope , CEO and co-founder
InfoSec Expert
August 12, 2021 11:43 am

<p>While the technical details of the Accenture attack are still unknown it does emphasise that anybody is a target. Ransomware is usually the result of an initial attack such as phishing, although this may have been a more straight forward “inside job”. Regardless of how this attack actually played out, which we should learn in the fulness of time, the number one way to prevent these and other prevalent attacks is to protect your credentials. This should involve modern password security processes (not complexity) with continuous breach database monitoring and/or passwordless MFA; if not who knows who could be next.</p>

Last edited 1 year ago by Steven Hope
Sam Curry
Sam Curry , Chief Security Officer
InfoSec Expert
August 12, 2021 11:41 am

<p>From initial reports, kudos may be in order for Accenture for being prepared for ransomware, the scourge of the Internet. They deployed backups and eliminated most, if not all the potential damage these attacks have caused. My advice for SMEs is to decide first and foremost on the basis of safety, customers first and the public good. Next, if possible, don’t pay. Not only does it fund a reprehensible group and parasites, but it rarely gets you back to a good place operationally. And finally, focus on getting through this in an open, transparent, honest way. You can be a hero or villain in the public eye, make sure you do the right thing because you will be judged after the fact based on how you handle this much more than you will on the fact that you were hit.</p>
<p>Nothing is 100 percent preventable, but ransomware attacks can be managed and most often stopped. There are 5 things that companies should take into consideration to stop ransomware.</p>
<p>1. Get ready on the business front, preparing in peace time for the unthinkable event.</p>
<p>2. Have the right practices in place technically like closing vulnerabilities, identity hygiene, strong general policies, backup and recovery practices, and so on. This is the “reducing the target” step.</p>
<p>3. Deploy prevention that works, like next-generation antivirus and explicit anti-ransomware technology.</p>
<p>4. Have an EDR, MDR or XDR strategy. Ransomware is spread using the old APT toolkit — the operations that penetrate networks and plant ransomware like explosives can be hamstrung and stopped as they spread.</p>
<p>5. Finally, test a lot. Test backups. Tabletop disasters. Practice and use incident response muscle, tools, people, and processes.</p>

Last edited 1 year ago by Sam Curry
Ron Bradley
InfoSec Expert
August 12, 2021 11:38 am

<p>This is a prime example of the difference between business resiliency and business continuity. Business resiliency is like being in a boxing match, you take a body blow but can continue the fight. Business continuity comes into play when operations have ceased or severely impaired and you have to make major efforts to recover.</p>
<p>This particular example with Accenture is interesting in the fact that it was a known/published vulnerability. It highlights the importance of making sure systems are properly patched in a timely manner.  The ability for Accenture to manage the repercussions of potentially stolen data will be an important lesson for many organizations going forward.</p>

Last edited 1 year ago by Ron Bradley
Information Security Buzz
3
0
Would love your thoughts, please comment.x
()
x