Cybercriminals continue targeting open remote access products

2023-12-11 05:00

Cybercriminals still prefer targeting open remote access products, or like to leverage legitimate remote access tools to hide their malicious actions, according to WatchGuard.

"Threat actors continue using different tools and methods in their attack campaigns, making it critical for organizations to keep abreast of the latest tactics to fortify their security strategy," said Corey Nachreiner, chief security officer at WatchGuard.

In researching the top phishing domains, the Threat Lab observed a tech support scam that would result in a victim downloading a pre-configured, unauthorised version of TeamViewer, which would allow an attacker full remote access to their computer.

Malicious scripts declined as an attack vector by 11% in Q3 after dropping by 41% in Q2. Still, script-based attacks remain the largest attack vector, accounting for 56% of total attacks, and scripting languages like PowerShell are often used in living-off-the-land attacks.

Living-off-the-land attacks make up the most endpoint attacks.

Network attacks saw a 16% increase in Q3. ProxyLogon was the number-one vulnerability targeted in network attacks, comprising 10% of all network detections in total.

News URL

https://www.helpnetsecurity.com/2023/12/11/remote-access-malicious-actions/

#cybercriminal #remote #remoteaccess