A recent ransomware attack highlight the dangers of extraneous accounts sitting on your network – particularly those belonging to former employees.
Standard cyber hygiene calls for the purging of employees’ credentials accounts from a corporate network once they quit or are fired from their position. And on those occasions in which an employee dies, that same practice should apply. But according to a blog post this week from Sophos, attackers from the Nefilim ransomware gang recently infiltrated an unnamed company in part by compromising the admin account of a deceased employee who had passed away three months earlier.
According to Sophos, the Nefilim attackers exploited a vulnerability in Citrix software in order to hijack the deceased individual’s admin account. They then used the Mimikatz post-exploitation tool to swipe the credentials of an even higher-privileged domain admin account. Leveraging these privileges, the attackers then exfiltrated hundreds of GB worth of data, and then as a final flourish unleashed the ransomware, impacting more than 100 systems.
The Ne ..
Support the originator by clicking the read the rest link below.