Ransomware, Endpoint/Device Security, Security Staff Acquisition & Development

Massive Akira ransomware attack averted

A massive remote-encryption attack by the Akira ransomware operation against an industrial organization in June was thwarted by the user containment feature of Microsoft Defender for Endpoint, according to The Hacker News. Although Akira, also known as Storm-1567, leveraged devices that were not onboarded to Defender for Endpoint, the feature prevented the breached user accounts from compromising endpoints and other network resources, a report from the Microsoft Threat Intelligence Team revealed. Two months later, Defender for Endpoint also foiled attempted lateral movement against a medical research lab, in which the attackers reset the password of the default domain admin account, the report said. "Highly privileged user accounts are arguably the most important assets for attackers. Compromised domain admin-level accounts in environments that use traditional solutions provide attackers with access to Active Directory and could subvert traditional security mechanisms," said Microsoft, which emphasized the importance of containing compromised user accounts to stop attacks even after initial access has succeeded.
