Tuesday Aug 27, 2024

Zscaler’s Brett Stone-Gross on the Tactics of the Dark Angels Ransomware Group (Black Hat Edition)

In our latest special episode of the Future of Threat Intelligence podcast, Brett Stone-Gross, Senior Director of Threat Intelligence at Zscaler, joins us at the Black Hat conference. He shares how they uncovered the largest ransomware payment in history, $75 million, made by a Fortune 50 company to the Dark Angels group.

Brett explains the group's unique approach, which involves stealing vast amounts of data without encrypting files, and their preference for low-volume, high-impact attacks to evade media scrutiny. He also highlights essential cybersecurity measures, such as implementing two-factor authentication and adopting a zero-trust architecture to protect against such threats. 

 

Topics discussed:

  • How the Dark Angels group received the largest ransomware payment in history, totaling $75 million.
  • How, unlike typical ransomware attacks, the group stole data without encrypting files, exfiltrating approximately 100 terabytes of sensitive information.  
  • How their operational model is low-volume, focusing on individual companies to avoid media attention and maintain a low profile.  
  • The importance of basic IT hygiene practices, such as two-factor authentication, which are crucial for preventing significant data breaches and ransomware attacks.  
  • How implementing a zero-trust architecture can help organizations limit lateral movement and enhance overall cybersecurity defenses against threats.  

 

Key Takeaways: 

  • Implement two-factor authentication to enhance security and reduce the risk of unauthorized access to sensitive corporate data.  
  • Monitor network traffic for anomalous behavior, especially large data transfers, to quickly identify potential data exfiltration attempts.  
  • Adopt a zero-trust architecture to limit lateral movement within your network and ensure users only access necessary resources.  
  • Limit user privileges, ensuring that users have only the access necessary for their roles.  
  • Stay informed about emerging ransomware trends and tactics to proactively adjust your cybersecurity strategies and defenses.   

 

If you’re interested in Team Cymru’s latest research, download our “Voice of a Threat Hunter 2024” report here: https://www.team-cymru.com/voth2.0 
