Ransomware

US-Based Hybrid Clouds Subjected to Storm-0501 Attacks

U.S. organizations, including those in the government, law enforcement, manufacturing, and transportation sectors, had their hybrid cloud environments targeted by the Storm-0501 ransomware-as-a-service operation for subsequent lateral movement, data and credential exfiltration, and ransomware deployment activities, reports SC Media.

After exploiting compromised devices' admin privileges, Storm-0501 proceeds to leverage other tools, including Impacket's SecretsDump module, to obtain additional credentials and non-human identities that it could use to breach other devices across the network, according to an analysis from Microsoft Threat Intelligence.

Such a development should prompt organizations to bolster NHI visibility and contextualization within their cloud environments, noted Entro Security co-founder and CEO Itzik Alvas. Organizations' security teams have also been urged by Keeper Security Vice President of Security and Architecture Patrick Tiquet to bolster credentials as part of a zero-trust strategy.

"Security teams should prioritize strengthening password policies by enforcing strong, unique credentials for every account and implementing multi-factor authentication across all systems," Tiquet added.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

You can skip this ad in 5 seconds