
Ransomware more efficient than ever, and baddies are still after your logs
2023-11-15 09:30

Organizations are still failing to implement adequate logging measures, making it harder for defenders and incident responders to identify the cause of infosec attacks.

The primary goals of attackers when wiping logs include evading detection, identification, and attribution, and maintaining access within a system.

The absence of logs can also indicate possible efforts from the organization to cover up the attack.

In cases of security breaches, logs allow incident responders to see where and when it all started, how the attacker was able to get in, where their IP address points to, what user account executed a specific task, and more.

Logs can be especially useful when investigating ransomware, revealing which systems have and haven't been accessed by an account that the logs show is compromised.

"In the case of a ransomware attack, if you have more friction, then you can delay the time until exfiltration; exfiltration often occurs just before detection and is often the costliest part of the attack."


News URL

https://go.theregister.com/feed/www.theregister.com/2023/11/15/ransomware_more_efficient_than_ever/