It is recommended that whenever possible accounts should have MFA enabled to help prevent unwanted logins from cyber criminals that manage to steal credentials. It is important that everyone understand how to identify a phishing email, especially those targeted at stealing credentials. According to researchers there was not a hierarchy set up that limited the access users had within the network. That means no matter which employee got their credentials stolen, the threat actor would have access to sensitive data. As a good security practice, employees should only have access to minimal data needed to do their job. Along with these practices, monitoring should be put in place within an organization that could identify fraudulent logins and attacks including one that identifies lateral movement such as Binary Defense’s Managed Detection and Response.
Intro The Binary Defense threat hunting team are experts on today’s threat actor groups. In