Authorization sprawl: Attacking modern access models

4 hours ago searchsecurity.techtarget.com

Attackers exploit authorization sprawl by using legitimate credentials and SSO tokens to move between systems, bypassing security controls and deploying ransomware undetected.

Share this item with your network:

Joshua Wright, SANS Institute

U.K. retailer Marks & Spencer is dealing with the aftermath of a ransomware attack that began with disruptions to customer orders at the end of April. Marks & Spencer disabled its online ordering platform, customers reported empty shelves in stores, employees were told to stay home from work and the company's valuation plummeted by more than half a billion pounds while the security team worked to recover.

The company has said it could take until July to fully recover from the attack; only in mid-June was it able to resume online orders, at limited capacity and shipping.

Many believe the attack against Marks & Spencer is the action of the Scattered Spider team, a collection of ...

Copyright of this story solely belongs to searchsecurity.techtarget.com . To see the full text click HERE

Attackers exploit authorization sprawl by using legitimate credentials and SSO tokens to move between systems, bypassing security controls and deploying ransomware undetected.

Share: