The Curious Case of the Fake Ukrainian Ransomware AttackDelinea's Joseph Carson on Lessons Learned From the Incident Response Frontlines
Things are not always what they seem. That's one lesson learned by Joseph Carson, who as chief security scientist and advisory CISO to security vendor Delinea regularly gets called on to advise incident response teams or review past cases to identify common tactics being used by attackers.
In the course of one such review several years ago - of a case involving a Ukrainian firm that suffered a ransomware infection, the incident looked strange because the attack path didn't appear to involve anything internal, he says.
Long story short: "The organization was actually conducting financial fraud," he says, and ransomware had been deployed to try and hide their tracks, "because ransomware is very good at destroying evidence. It's very good at getting rid of files and locking up systems." But with a bit of additional context, the attempt at misdirection was revealed.
In a video interview with Information Security Media Group, Carson discusses:
- A Ukrainian ransomware incident with an unusual twist;
- How a different, pandemic-era ransomware incident traced to shadow IT;
- Essential business resilience and threat intelligence capabilities for better repelling and surviving attacks.
Carson is a cybersecurity professional and an ethical hacker with more than 25 years of experience in enterprise security. He is the author of "Privileged Account Management for Dummies" and "Cybersecurity for Dummies" and is a cybersecurity adviser to several governments as well as critical infrastructure, financial and transportation companies. He is a seasoned speaker and has presented at conferences globally.