If you’re following the reports of a RansomEXX “live attacker” cyber-attack that caused a recent outage at Konica Minolta, the global provider of business printing solutions, healthcare technology, and managed IT services, here’s the perspective from an expert with Stealthbits Technologies.

Hybrid attacks like the one Konica Minolta suffered present a different security challenge than the typical phishing or drive-by based malware attack. With a “live” attacker placing the ransomware inside the environment, they can target files that will cause the greatest loss and give them the best chance of getting their ransom. But it also presents a slim opportunity for the defenders to stop a malicious actor before they can execute the attack.
This puts more of an emphasis on tools that can quickly and accurately identify an intruder and isolate them before they can cause any harm. An advanced security analytics system, for example, could have identified the attackers by their behaviors while they were trying to establish their foothold, and given the SecOps team a chance to respond before the damage was done.
The theft of credentials and administrative privileges remains at the top of the list of techniques employed by adversaries engaged in targeted operations. Every year, adversaries of less and less sophistication begin to adopt these techniques, exposing more sizes and types of organizations to them. Like firewalls and endpoint protection before them, strong protections for privileged access are now a must for everyone.