Act now to prevent ransomware strikes, NCSC warns.
Criminal ransomware gangs have no moral or ethical compass; we have seen that proven time and time again in attacks aimed directly at blood banks and even hospitals. The latest target, however, appears to be the retail sector in the U.K., with devastating ransomware attacks disrupting the business of high-street names such as Marks & Spencer and The Co-Op. Even global luxury brands such as Harrods have not escaped the cybercrime crosshairs. With threat actors such as The ToyMaker specialising in the acquisition of compromised passwords and stolen 2FA codes to facilitate initial access to target systems, it has never been more important to take action to avoid becoming yet another ransomware statistic. The U.K. government’s National Cyber Security Centre has now issued a security warning concerning the dangers of the latest attacks and has recommended six critical mitigations. Here’s what you need to know and do as a matter of some urgency.
NCSC Issues Ransomware Attack Security Warning
The NCSC works with law enforcement, intelligence and security agencies within the U.K., as well as with international partners, in order to “provide effective incident response to minimise harm to the U.K., help with recovery, and learn lessons for the future,” when it comes to the threat from cyber attacks of all kinds. It should come as no surprise, therefore, that it has been heavily involved with the ongoing ransomware attacks against the retail sector. At this stage of the investigations, it has not been possible to say if the attacks are linked to a single threat actor, are the result of opportunistic attacks, or perhaps stem from a vulnerability in a shared service provider within the supply chain of the victims. What the NCSC has been able to do is issue an advisory with recommended mitigations that should be applied immediately.
The advisory was authored by the NCSC’s national resilience director, Jonathon Ellison, and chief technology officer, Ollie Whitehouse, two of the best in the cybersecurity business. You would be well advised to take note and apply the mitigations as soon as possible if you are in the retail sector, and adapt them where applicable to other businesses.
- Deploy and enable two-factor authentication.
- Enhance monitoring against unauthorized account misuse, especially concerning potentially compromised Microsoft Entra ID Protection sign-ins.
- Check if access is legitimate where domain admin, enterprise admin, cloud admin accounts are concerned.
- Review your helpdesk password reset processes.
- Identify logins from atypical sources.
- Rapidly analyse techniques, tactics and procedures sourced from threat intelligence, and be able to respond accordingly.
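As an illustration of the admin-account and atypical-source mitigations above, the following added example (not part of the NCSC advisory or this article) baselines each account's past sign-in sources and flags departures from them, escalating when the account is privileged. The record fields, account names and ASN values are constructed for the example and are not a real log schema.

```python
from collections import defaultdict

# Constructed sample sign-ins; field names and values are hypothetical.
HISTORY = [
    {"user": "alice", "country": "GB", "asn": 64496},
    {"user": "alice", "country": "GB", "asn": 64497},
    {"user": "da-bob", "country": "GB", "asn": 64496},
]
NEW_EVENTS = [
    {"id": 1, "user": "alice", "country": "GB", "asn": 64496},
    {"id": 2, "user": "alice", "country": "NL", "asn": 64500},
    {"id": 3, "user": "da-bob", "country": "GB", "asn": 64501},
    {"id": 4, "user": "svc-new", "country": "GB", "asn": 64496},
]
PRIVILEGED = {"da-bob"}  # stands in for domain, enterprise and cloud admins


def build_baseline(history):
    """Map each user to the countries and ASNs seen in past sign-ins."""
    base = defaultdict(lambda: {"country": set(), "asn": set()})
    for ev in history:
        base[ev["user"]]["country"].add(ev["country"])
        base[ev["user"]]["asn"].add(ev["asn"])
    return base


def triage(events, baseline, privileged):
    """Return (id, user, severity, reasons) for sign-ins from unseen sources."""
    findings = []
    for ev in events:
        seen = baseline.get(ev["user"])  # .get() avoids creating an empty entry
        if seen is None:
            reasons = ["no_baseline"]  # account never seen before: review it
        else:
            reasons = [f"new_{k}" for k in ("country", "asn") if ev[k] not in seen[k]]
        if not reasons:
            continue
        high = ev["user"] in privileged or "new_country" in reasons
        findings.append((ev["id"], ev["user"], "high" if high else "medium", reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(NEW_EVENTS, build_baseline(HISTORY), PRIVILEGED):
        print(finding)
```
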
Above all else, do not ignore this security warning from the NCSC, no matter what country you are in, or what your organization does, unless you want to become another victim of the ransomware plague.