Story image

Security experts weigh in on Accenture ransomware attack

By Shannon Williams, Mon 16 Aug 2021

Accenture has been a victim of a LockBit ransomware attack, according to new reports.

The ACSC issued an advisory last week as the number of victim organisations of this type of ransomware continue to rise.  
Accenture is the second major company hit with a ransomware attack this week.

LockBit is threatening to share encrypted files on the dark web unless Accenture meets its ransom demands.

This attack is just the latest in ransomware attacks over the past year, which also included an attack on Gigabyte earlier this week. 

The LockBit ransomware restricts access to corporate files and systems by encrypting these assets into a locked and unusable format.

"Typically, victims receive instructions on how to engage with the offenders after encryption," says  Robert Nobilo, A/NZ regional sales director for Virsec.

"There has been a significant increase in ransomware attacks on critical workloads – a workload is typically any software or application that runs on a server, which houses the crown jewels of organisations," he says.

"Today, this is what the attackers are after; they are no longer focusing on endpoints. Billions of dollars are being spent on EDR tools that are unable to detect these attacks until it’s too late. 

"While you still need security tools to protect your endpoints, to make it harder for attacks to get in, more focus needs to be put on server workloads, which operate very differently to endpoints."
 
Nobilo says Virsec, has developed technology to protect these server workloads and prevent ransomware. 

"Ransomware is a scourge for today’s businesses and government agencies – but it doesn’t have to be," he adds.

In light of the Accenture attack, James Arlen, CISO at Aiven, has provided guidance to smaller organisations who will likely be concerned that a large organisation such as Accenture – which most probably has far greater security defences than many organisations – was subjected to such an attack.

“The fundamental concern for all organisations when contemplating ransomware attacks is tangled tightly into the defensive mindset - a defender has to be right all of the time, an attacker only needs to get lucky a few times," he says.

"There's no product or group of products you can buy that will solve the underlying problem of ransomware - despite what a salesperson promises!

“One of the most interesting aspects of the Accenture story - and also the easiest to solve for small-to-midsized organisations - is the concern around the insider threat," Arlen says.

"Everyone has had a job where they felt unfairly treated or squeezed by their employer. While the overwhelming majority find a way to gracefully exit a toxic relationship like that and move on, not everyone handles it with such grace. Some people tend to detonate prior to or just after departure," he says.

“In my experience, the simple fact is that "the harder you squeeze your employees, the more your organisation leaks". We have no idea what actually transpired at Accenture, but it is reasonable to think of a scenario where a micro-managing boss leaned too hard on an employee and the employee just didn't do as good a job as they could have," Arlen says.

"This is the opening that the attackers need - a place where you haven't done your best work."

Arlen says organisations need to build a resilient data management environment - able to resist local failure, able to resist regional failure, and able to resist temporal failure. 

"It appears that Accenture did have this type of system available and therefore weren't as much in a situation of having their data held for ransom as being extorted to prevent the release of their data," he says.

"Important for a smaller organisation is that you are able to be a going concern, not that you'll have liability for released data. At this point, the list of companies, organisations, and even governments that have been restricted from operating by ransomware far outweighs the embarrassment and liability of data leaks.”

According to new analysis from Ric Longenecker, CISO at Open Systems, which provides an adaptable and scalable SASE platform with tightly integrated managed detection and response (MDR) service and zero trust network access, these attacks highlight the importance of 24x7 threat coverage.

"Yet in-house security teams struggle to keep up with threat alerts and afford, find and retain enough cybersecurity experts," Longenecker says.

"Compounding this, the traditional approach of employing multiple point security products from a variety of vendors has increased complexity, making it hard to quickly identify and contain attacks," he adds.

"That's why it is critical for companies to use managed detection and response (MDR) services that pair cybersecurity experts with artificial intelligence and a broad set of data to detect and contain threats early in the cyber kill chain, protecting sensitive information and ensuring business continuity."

Recent stories
More stories