We have provided specific guidance to the retail sector, but we believe by following best practice, all companies and organisations can minimise the chances of falling victim to actors like this.
As well as following NCSC guidance on mitigating malware and ransomware attacks, organisations are strongly encouraged to:
- Ensure 2-step verification (multi-factor authentication) is deployed comprehensively
- Enhance monitoring against unauthorised account misuse; for example, looking for 'risky logins' within Microsoft Entra ID Protection, where sign-in attempts have been flagged as potentially compromised due to suspicious activity or unusual behaviour, especially where the detection type is 'Microsoft Entra Threat intelligence'
- Pay specific attention to domain admin, enterprise admin, cloud admin accounts, and check if access is legitimate
- Review helpdesk password reset processes, including how the helpdesk authenticates staff members' identities before resetting passwords, especially for accounts with escalated privileges
- Ensure your security operations centre can identify logins from atypical sources, such as VPN services exiting from residential IP ranges, through source enrichment and similar techniques
- Ensure that you are able to rapidly consume tactics, techniques and procedures (TTPs) sourced from threat intelligence and respond accordingly.
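As an added illustration of the monitoring points above (not part of the NCSC guidance), the following Python sketch enriches sign-in source addresses against a constructed reputation table and flags successful logins from VPN or proxy exits in residential ranges, or carrying the Entra ID Protection threat-intelligence detection, raising severity when the account holds a privileged role. The enrichment table, role names beyond the Entra detection string, and sample events are all constructed for the example.

```python
import ipaddress

# Constructed enrichment table standing in for a commercial IP-reputation feed:
# prefix -> (network type, known VPN/proxy exit?). Longest prefix wins.
ENRICHMENT = {
    "192.0.2.0/24": ("corporate", False),        # the organisation's own egress
    "198.51.100.0/24": ("residential", False),   # ordinary home broadband
    "198.51.100.128/25": ("residential", True),  # residential-proxy / VPN exits
    "203.0.113.0/24": ("hosting", True),         # data-centre VPN provider
}
PRIVILEGED = {"Global Administrator", "Domain Admins", "Enterprise Admins"}
TI_DETECTION = "Microsoft Entra Threat intelligence"

def enrich(ip):
    """Return (network type, is_vpn) for the longest matching prefix, else None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, info in ENRICHMENT.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, info)
    return best[1] if best else None

def flag_atypical_logins(events):
    """Return SOC alerts for successful sign-ins from atypical or risky sources."""
    alerts = []
    for ev in events:
        if ev["result"] != "success":
            continue  # failed attempts are handled by other detections
        reasons = []
        if enrich(ev["ip"]) == ("residential", True):
            reasons.append("vpn/proxy exit in residential range")
        if ev.get("risk_detection") == TI_DETECTION:
            reasons.append("Entra ID Protection threat-intelligence detection")
        if reasons:
            privileged = bool(set(ev.get("roles", [])) & PRIVILEGED)
            alerts.append({"user": ev["user"], "ip": ev["ip"], "reasons": reasons,
                           "severity": "high" if privileged else "medium"})
    return alerts
# Constructed sample sign-in events (not real telemetry)
SAMPLE_EVENTS = [
    {"user": "alice", "ip": "192.0.2.10", "result": "success", "roles": []},
    {"user": "svc-helpdesk", "ip": "198.51.100.200", "result": "success",
     "roles": ["Global Administrator"]},
    {"user": "bob", "ip": "198.51.100.5", "result": "success", "roles": [],
     "risk_detection": TI_DETECTION},
    {"user": "carol", "ip": "203.0.113.9", "result": "success", "roles": []},
    {"user": "dave", "ip": "198.51.100.201", "result": "failure", "roles": []},
]
```

Only the residential VPN exit is treated as atypical here; a data-centre VPN (carol) passes this particular rule, so it should be paired with the organisation's own baseline of expected sources.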
Criminal activity online – including, but not limited to, ransomware and data extortion – is prolific. Attacks like this are becoming more and more common. And all organisations, of all sizes, need to be prepared.