Storm-0501, a ransomware-as-a-service operation, has targeted the hybrid cloud environments of U.S. organizations, including those in the government, law enforcement, manufacturing, and transportation sectors, for lateral movement, data and credential exfiltration, and ransomware deployment, SC Media reports.
After gaining admin privileges on compromised devices, Storm-0501 uses additional tools, including Impacket's SecretsDump module, to harvest further credentials and non-human identities that it can use to compromise other devices across the network, according to an analysis from Microsoft Threat Intelligence.
Such a development should prompt organizations to bolster non-human identity (NHI) visibility and contextualization within their cloud environments, noted Entro Security co-founder and CEO Itzik Alvas. Organizations' security teams have also been urged by Keeper Security Vice President of Security and Architecture Patrick Tiquet to bolster credentials as part of a zero-trust strategy.
"Security teams should prioritize strengthening password policies by enforcing strong, unique credentials for every account and implementing multi-factor authentication across all systems," Tiquet added.