Zscaler’s Brett Stone-Gross on the Tactics of the Dark Angels Ransomware Group (Black Hat Edition)
In our latest special episode of the Future of Threat Intelligence podcast, Brett Stone-Gross, Senior Director of Threat Intelligence at Zscaler, joins us at the Black Hat conference. He describes Zscaler's discovery of the largest ransomware payment in history, $75 million, made by a Fortune 50 company to the Dark Angels group.
Brett explains the group's unique approach, which involves stealing vast amounts of data without encrypting files, and their preference for low-volume, high-impact attacks to evade media scrutiny. He also highlights essential cybersecurity measures, such as implementing two-factor authentication and adopting a zero-trust architecture to protect against such threats.
Topics discussed:
- How the Dark Angels group obtained the largest ransomware payment in history, totaling $75 million.
- How, unlike typical ransomware attacks, the group stole data without encrypting files, exfiltrating approximately 100 terabytes of sensitive information.
- How their operational model is low-volume, focusing on individual companies to avoid media attention and maintain a low profile.
- The importance of basic IT hygiene practices, such as two-factor authentication, in preventing significant data breaches and ransomware attacks.
- How implementing a zero-trust architecture can help organizations limit lateral movement and enhance overall cybersecurity defenses against threats.
Key Takeaways:
- Implement two-factor authentication to enhance security and reduce the risk of unauthorized access to sensitive corporate data.
- Monitor network traffic for anomalous behavior, especially large data transfers, to quickly identify potential data exfiltration attempts.
- Adopt a zero-trust architecture to limit lateral movement within your network and ensure users only access necessary resources.
- Limit user privileges, ensuring that users have only the access necessary for their roles.
- Stay informed about emerging ransomware trends and tactics to proactively adjust your cybersecurity strategies and defenses.
If you’re interested in Team Cymru’s latest research, download our “Voice of a Threat Hunter 2024” report here: https://www.team-cymru.com/voth2.0