How the threat actors can get ransomware onto your systems

Before any malware can carry out the malicious tasks it was designed to do, it has to get into and infect a host system. This can be done in a variety of ways.

It can be something as simple as plugging an infected USB stick into your computer (I always cringe when watching police procedurals – especially the various NCIS franchises – where they just plug memory sticks into their machines without caution). Of course you would not do that, would you?

(Now you have thought about memory sticks, is it time to use a remote monitoring and management (RMM) product to defend against the rogue use of USB memory sticks in your organisation? This would also be a good defence against the ever-present trusted insider simply downloading your business secrets onto a memory stick and walking out the door with them.)

Or it could be something more complicated, involving spoofed emails with carefully crafted social engineering content that exploits your team’s trust and leads them to a website which, whilst they read the content, installs the malware in the background by stealth.

(Now you have thought about that one – does the anti-virus you use defend against those types of websites? Are you sure everyone in your organisation has the right anti-virus installed?)

Here is an excellent post from the Microsoft 365 Defender Threat Intelligence Team about just how threat actors get BlackCat past your defences and onto machines.

The many lives of BlackCat ransomware – Microsoft Security Blog

It is worth a look to see where the gaps or strengths lie in your cyber security planning – and if you need help, you can use our contact form!

Clive Catton MSc (Cyber Security) – by-line and other articles

Further Reading

Remote monitoring and management IT monitoring at Octagon Technology
