One of the most commonly utilized attack surfaces is the endpoint. Providing the attacker with a foothold, a barrage of built-in utilities, a compromised user account, application access, and more, the endpoint is an all-too-valuable digital on ramp that every bad guy wants to have under their control.
This is especially true with modern ransomware attacks – whether initiated by a criminal group that created their own ransomware or just a would-be hacker using one of the many ransomware-as-a-service variants – the endpoint is nearly always the focus as your initial attack vector. Once compromised, ransomware attacks take similar paths, providing you with a blueprint of how to protect, mitigate, detect, investigate, and respond swiftly and accurately. This makes it important to see the endpoint as the pivotal point in attacks that requires protection, as well as to understand how to prevent and respond to ransomware attacks by learning bad guy tactics.
In this real-training-for-free session, Microsoft MVP and cybersecurity expert Nick Cavalancia takes my seat, discussing:
- Typical attacker assumptions about their target environment
- Common actions taken during a ransomware-turned-exfiltration attack
- Needed preventative measures to protect the organization, its’ users, and its’ data
- Planning your response should an attack succeed
Nick will be joined by Joe Carson, Chief Security Scientist & Advisory CISO at Thycotic, who will take you through the mind of a hacker and follow the footsteps that led to a damaging Crylock ransomware attack. Joe will look at tools and techniques cyber criminals use to hack endpoints, such as the WannaCry vulnerability, RDP Brute Force, Mimikatz, and Responder, and the paths they can take toward your enterprise infrastructure and data. Joe will walkthrough a recent attack, step-by-step, showing:
- How attackers gained access to system
- Established staging
- What tools were used
- What commands were executed
- How the ransomware was delivered
- How AD elevation was achieved
Joe will then cover some of the needed incident response steps, utilizing the same use case but from the viewpoint of defender, including:
- Detection, what triggered alert
- Finding what Cryptor was used
- Cleaning up systems
- Finding patient zero
Joe will also discuss some of the actions made by IT in this attack, highlighting how to ensure you’re best prepared for a ransomware attack.
This real training for free event will be jam packed with technical detail and real-world application. Register today!