Security News > 2024 > September > Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts
Storm-0501, an affiliate of several high-profile ransomware-as-a-service outfits, has been spotted compromising targets’ cloud environments and on-premises systems. “Storm-0501 is the latest threat actor observed to exploit weak credentials and over-privileged accounts to move from organizations’ on-premises environment to cloud environments. They stole credentials and used them to gain control of the network, eventually creating persistent backdoor access to the cloud environment and deploying ransomware to the on-premises,” Microsoft shared last week. Common tactics and … More → The post Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/09/30/ransomware-cloud-compromise/
Related news
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
- New VanHelsing ransomware targets Windows, ARM, ESXi systems (source)
- Microsoft: Windows CLFS zero-day exploited by ransomware gang (source)
- Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz (source)
- Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’ (source)
- Microsoft: Licensing issue blocks Microsoft 365 Family for some users (source)
- Tycoon2FA phishing kit targets Microsoft 365 with new tricks (source)
- ActiveX blocked by default in Microsoft 365 because remote code execution is bad, OK? (source)
- Microsoft blocks ActiveX by default in Microsoft 365, Office 2024 (source)
- Attackers phish OAuth codes, take over Microsoft 365 accounts (source)