Researchers Discover Landmark Ransomware Extortion: Automated SaaS Ransomware

 

A company’s SharePoint Online environment has been successfully targeted by the Omega ransomware group to extort money from it. This is instead of using compromised endpoints, the most common method of launching such attacks. The threat group appears to have infiltrated the unnamed company’s network using an administrator account with weak security and elevated permissions. It eventually snatched sensitive data from the victim’s SharePoint libraries with the help of a weak administrator account. As a result of the theft of data, a ransom was demanded from the victim as a means of extortion. 
Probably the first attack of its kind 
According to Glenn Chisholm, cofounder of the security firm Obsidian, which discovered the attack, most enterprise efforts to counter ransomware focus on endpoint protection mechanisms which is a means of protecting systems from ransomware infections. 
Chisholm explained that the only way companies have mitigated or prevented attacks by malicious ransomware groups is through investments in endpoint security. It is clear from this attack that endpoint security is not sufficient, as many companies now store and access their data via SaaS applications, something that was not the case previously. 
One of the victim orga

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: