The Lockbit Ransomware gang has taken credit for the ransomware attack on Entrust, a digital security giant. In June 2022, Entrust began notifying customers that they suffered a cyberattack where data was stolen from internal systems.
It appears that the ransomware group attacked Entrust after purchasing access to the corporate network through “network access sellers.”
After further research on network access sellers, it appears that the number of malicious actors offering vulnerable network information has been tripling in the past few years. This brings to light a concerning fact: not only are these actors aware of company breaches long before the company itself finds out, but they can also use this information to operate an entire underground business, selling these highly sensitive vulnerabilities to malicious purchasers.
Looking into the issue for Digital Journal is Keith Neilson, Technical Evangelist at CloudSphere. Neilson considers why the issue took so long to come to light and what this says about the detection abilities of firms.
Neilson begins by emphasising the importance of establishing a broad overview within a firm to guard against cyberattacks: “It is a concerning realization that businesses’ vulnerabilities are found and secretly extorted long before they are even made aware of these flaws. Without holistic awareness of the company’s IT infrastructure, unknown vulnerabilities such as this one can be found and extorted for the personal gain of the malicious network access purchaser.”
Neilson adds that the primary safeguard is for companies to undertake a root-and-branch review of their systems and procedures: “This attack exemplifies that one step organizations must maintain an in-depth view of the entirety of their IT estate to help mitigate and prevent cybersecurity risks. This requires the implementation of a robust cyber asset management strategy.”
Another important decision relates to the use of technology. However, care must be taken when selecting the appropriate cybersecurity systems. Here Neilson advises: “When investing in a cyber asset management platform, companies must ensure that it provides comprehensive, real-time observability of their entire IT environment to stay apprised of abnormalities and keep the entire attack surface secure.”
Neilson’s final advice is: “With comprehensive visibility into their entire IT Estate, companies can operate with confidence knowing that they can remediate issues before they are exploited.”