Microsoft has released its new annual Digital Defense Report (link is below), underscoring that that threat actors have rapidly increased in sophistication over the past year, using techniques that make them harder to spot and that threaten even the savviest targets. Among key finding: ransomware continues to grow as a major threat – in some instances, cybercriminals went from initial entry to ransoming the entire network in under 45 minutes. In response, a Stealthbits expert offers perspective.
The speed at which a targeted ransomware attack can happen is really determined by one thing: how quickly an adversary can compromise administrative privileges in Microsoft Active Directory. Going from initial infiltration to total ownership of Active Directory can be a matter of seconds. Once these privileges are compromised, an adversary’s ability to deploy ransomware to all machines joined to Active Directory is unfettered, which explains how an adversary can go from initial infiltration to total ransomware infection in such a short period of time.