How one hacked laptop led to an entire network being compromised December 14, 2018 https://www.zdnet.com/article/how-one-hacked-laptop-led-to-an-entire-network-being-compromised/
Which leads to the question of why security measures were not in place to treat laptops as any other external device connecting to the corp. network? At a minimum, the network connection should have been blocked until the device was scanned by the in-house AV software.
Good point indeed. The company I work for would have had the laptop put to a standstill mere minutes after a similar type of infection. Chances are very good the phishing email would not have made it to the inbox either, because of the perimeter defenses they incorporate. Employees are made to take online courses for this type of thing as well as other cyber security courses, and they are "tested" routinely by the company with mock phishing emails sent to them. If an employee falls for it, they are made to re-take the course.
Yes, but besides this, any high quality EDR system should have picked up the malicious activity performed by this laptop on the network. So this is clearly a case of either a lack of EDR, or usage of a low quality EDR. And by EDR I mean the tools mentioned in this link: https://attackevals.mitre.org/evaluations.html
And yet again the weakest link theory has been proven. The failure of some businesses to apply correct network security procedures is always a bonus, but there's no substitute for stupid people.