Security News > 2023 > December > Cybercriminals continue targeting open remote access products
Cybercriminals still prefer targeting open remote access products, or like to leverage legitimate remote access tools to hide their malicious actions, according to WatchGuard.
"Threat actors continue using different tools and methods in their attack campaigns, making it critical for organizations to keep abreast of the latest tactics to fortify their security strategy," said Corey Nachreiner, chief security officer at WatchGuard.
In researching the top phishing domains, the Threat Lab observed a tech support scam that would result in a victim downloading a pre-configured, unauthorised version of TeamViewer, which would allow an attacker full remote access to their computer.
Malicious scripts declined as an attack vector by 11% in Q3 after dropping by 41% in Q2. Still, script-based attacks remain the largest attack vector, accounting for 56% of total attacks, and scripting languages like PowerShell are often used in living-off-the-land attacks.
Living-off-the-land attacks make up the most endpoint attacks.
Network attacks saw a 16% increase in Q3. ProxyLogon was the number-one vulnerability targeted in network attacks, comprising 10% of all network detections in total.
News URL
https://www.helpnetsecurity.com/2023/12/11/remote-access-malicious-actions/
Related news
- QakBot-Linked BC Malware Adds Enhanced Remote Access and Data Gathering Features (source)
- Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access (source)
- Kimsuky hackers use new custom RDP Wrapper for remote access (source)
- New Linux Malware ‘Auto-Color’ Grants Hackers Full Remote Access to Compromised Systems (source)