Microsoft advises security teams and admins at organizations that
\nmight be targeted in the future by this type of ransomware campaigns to take defensive measures designed to bock common attack techniques or at
\nleast dramatically reduce their effectiveness.<\/p>\n
The Microsoft Defender Advanced Threat Protection (ATP) Research Team recommends implementing these mitigation measures against human-operated ransomware attacks<\/a>:<\/p>\n – Apply latest security updates<\/p>\n – Use threat and vulnerability management<\/p>\n – Perform regular audit remove privileged credentials<\/p>\n \u2022 Thoroughly investigate and remediate alerts:<\/strong><\/p>\n – Prioritize and treat commodity malware infections as potential full compromise<\/p>\n \u2022 Include IT Pros in security discussions:<\/strong><\/p>\n – Ensure collaboration among SecOps, SecAdmins, and IT admins to configure servers and other endpoints securely<\/p>\n \u2022 Build credential hygiene:<\/strong><\/p>\n – Use MFA or NLA, and use strong, randomized, just-in-time local admin passwords<\/p>\n – Apply principle of least-privilege<\/p>\n \u2022 Monitor for adversarial activities:<\/strong><\/p>\n – Hunt for brute force attempts<\/p>\n – Monitor for cleanup of Event logs<\/p>\n – Analyze logon events<\/p>\n \u2022 Harden infrastructure:<\/strong><\/p>\n – Use Windows Defender Firewall<\/p>\n – Enable tamper protection<\/p>\n – Enable cloud-delivered protection<\/p>\n – Turn on attack surface reduction rules and AMSI for Office VBA<\/p><\/div>\n https:\/\/www.bleepingcomputer.com\/news\/security\/microsoft-shares-tactics-used-in-human-operated-ransomware-attacks\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" Defense measures against human-operated ransomware attacks Microsoft advises security teams and admins at organizations that might be targeted in the future by this type of ransomware campaigns to take defensive measures designed to bock common attack techniques or at least dramatically reduce their effectiveness. The Microsoft Defender Advanced Threat Protection (ATP) Research Team recommends implementing … Lire la suite<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[10],"tags":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7ALXt-Xz","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/posts\/3693"}],"collection":[{"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/comments?post=3693"}],"version-history":[{"count":1,"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/posts\/3693\/revisions"}],"predecessor-version":[{"id":3694,"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/posts\/3693\/revisions\/3694"}],"wp:attachment":[{"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/media?parent=3693"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/categories?post=3693"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/werle.pro\/index.php\/wp-json\/wp\/v2\/tags?post=3693"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}