cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

New research into Midas ransomware attack highlights impact of limited access controls

New Sophos research titled “Windows services lay the groundwork for a Midas ransomware attack”, has revealed the importance of ZTNA.

user iconReporter
Thu, 27 Jan 2022
New research into Midas ransomware attack highlights impact of limited access controls
expand image

The research details how attackers were able to spend nearly two months undetected in a target's environment, taking advantage of limited access controls, network and application segregation, which would have been better protected with ZTNA.

Sophos researchers found attackers further leveraged no-longer-used "ghost" remote access tools to move laterally, target and compromise other machines, create new accounts, install back doors and exfiltrate data, before releasing the Midas ransomware.

In response, Sophos unveiled the Sophos ZTNA, a new offering that fully integrates with a next-generation end point solution, along with Sophos Intercept X, which is designed to provide advanced end point protection and zero trust network access with a single agent.


Sophos ZTNA introduces a transparent and scalable security model for connecting users and devices to applications and data, improving and simplifying protection against ransomware and other advanced cyber security threats.

Through its unique integration with Sophos Intercept X, including Sophos Extended Detection and Response (XDR), Sophos Managed Threat Response and other solutions using its technology, Sophos ZTNA removes the complexities of managing multiple vendor products and agents, and provides end-to-end protection for end points, users, their identities and the applications and networks that they connect to.

As part of the Sophos Adaptive Cybersecurity Ecosystem, Sophos ZTNA shares real-time threat intelligence with other solutions and automatically responds to threats.

Working together, the Sophos solutions can better identify active threats and assess device health, so compromised and non-compliant devices can be quickly isolated.

Many traditional remote access solutions, like remote desktops and IPsec and SSL-VPN, provide strong encryption, but very little else in defence against modern threats according to Joe Levy, chief technology and product officer at Sophos.

"We see attackers increasingly exploiting these limitations, stuffing credentials into RDP and VPNs to gain access to victim networks, and then moving freely once inside, all too often culminating in costly data theft and ransomware incidents.

"People, applications, devices and data aren’t constrained to offices anymore – they’re everywhere, and we need more modern ways to secure them.

"Zero trust is a very effective cyber security principle, and ZTNA embodies it in a practical, easy-to-use way, ensuring that users have secure access to only the resources that they need," Levy said.

Sophos ZTNA micro-segments networks to protect against intrusions, lateral movement and data theft.

It is designed to constantly authenticate user identities with multiple factors and validates device health, delivering tighter access controls for users and fewer footholds for cyber criminals.

Unlike VPNs that provide broad network access, Sophos ZTNA eliminates implied trust and only authorises user access to specific applications and systems on the network.

By trusting nothing and verifying everything, Sophos ZTNA aims to improve protection, simplifies security management for IT managers and creates a smooth experience for remote workers.

According to Christopher Rodriguez, research director, network security products at IDC, the future of work will be hybrid, making it imperative that organisations are able to protect remote workers, remote data and remote applications.

"By integrating ZTNA with end point protection, Sophos ZTNA enables risk-appropriate access to resources from any device, at any time and from any location.

"Trust is a key factor in business today – one that requires critical security controls to protect against business-impacting events, such as ransomware and data compromise," Rodriguez concluded.

[Related: Lingering Log4j risks still at large, Dutch cyber security agency warns]

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.