You should eliminate local admin accounts and work towards least privilege. If you haven’t done that yet, you had better be frequently auditing and monitoring both the accounts and their activity.
“... The threat actors used scripts to create local administrator accounts disguised as legitimate backup accounts...”
https://www.us-cert.gov/ncas/alerts/TA18-074A
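
One way to run the audit recommended above on a single Windows host, as an added example that is not part of the original post or the alert. It assumes Windows PowerShell 5.1 or later, an elevated session, and that account-management auditing is enabled; `$ApprovedAdmins` and its entries are a hypothetical baseline you replace with your own.

```powershell
# Added example: compare local Administrators membership to an approved
# baseline and list recent account creations / Administrators additions.
$ApprovedAdmins = @(                       # hypothetical allow-list
    "$env:COMPUTERNAME\Administrator",
    'CONTOSO\Domain Admins'                # constructed sample value
)
$LookbackDays = 7
$AdminsSid    = 'S-1-5-32-544'             # well-known SID of BUILTIN\Administrators

# 1. Current members of the local Administrators group. The SID is used
#    instead of the group name so this also works on localized systems.
$members    = Get-LocalGroupMember -SID $AdminsSid
$unexpected = $members | Where-Object { $_.Name -notin $ApprovedAdmins }

# 2. Security log: 4720 = user account created,
#    4732 = member added to a security-enabled local group.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4720, 4732
    StartTime = (Get-Date).AddDays(-$LookbackDays)
} -ErrorAction SilentlyContinue

$activity = foreach ($e in $events) {
    # Read the event's named data fields from its XML form.
    $data = @{}
    ([xml]$e.ToXml()).Event.EventData.Data |
        ForEach-Object { $data[$_.Name] = $_.'#text' }

    # Ignore group additions that do not target Administrators.
    if ($e.Id -eq 4732 -and $data['TargetSid'] -ne $AdminsSid) { continue }

    [pscustomobject]@{
        Time    = $e.TimeCreated
        EventId = $e.Id
        Actor   = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        Target  = if ($e.Id -eq 4720) { $data['TargetUserName'] } else { $data['MemberSid'] }
    }
}

"Unexpected local administrators on ${env:COMPUTERNAME}:"
$unexpected | Select-Object Name, ObjectClass, PrincipalSource | Format-Table -AutoSize

"Account creations and Administrators additions in the last $LookbackDays days:"
$activity | Sort-Object Time | Format-Table -AutoSize
```

An account name alone proves nothing here, since the alert describes accounts disguised as legitimate backup accounts; review the Actor and Time of each event against known change activity.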