Security News
Guidewire Software announced a new Remote Desktop Protocol (RDP) Exposure Signal for its Guidewire Cyence for Cyber product. Cyberattacks against Internet-exposed RDP servers are surging, and Exposure Signal is designed to detect, on demand, whether a company's RDP has been exposed to the internet and to a potential cyberattack.
The COVID-19 pandemic has apparently resulted in industrial systems being increasingly targeted by malicious actors through brute-force attacks on the Remote Desktop Protocol, Kaspersky reported on Thursday. Kaspersky's report on the industrial threat landscape for the first half of 2020 reveals that the number of attacks aimed at RDP on industrial computers increased steadily between February and May. The cybersecurity firm saw brute-force attacks against RDP passwords on 0.16% of the industrial control systems it protected in February and 0.33% in May. The percentage dropped slightly in June, but still remained at an above-average level.
While the ransomware was previously used by advanced persistent threat actors, its source code surfaced in March 2020, making it available to a wider breadth of attackers. "The fact Dharma source code has been made widely available led to the increase in the number of operators deploying it," Oleg Skulkin, senior digital forensics specialist with Group-IB, said in an analysis of the attacks posted Monday.
Spotted by security firm Nuspire, one campaign that has resurfaced lately grabs RDP credentials or access and then sells them on underground forums. Active on several underground forums and communities, TrueFighter specializes in the sale of compromised RDP accounts through which buyers gain remote administrative access to the networks of affected organizations.
Application threats and security trends you need to know about: Applications are a gateway to valuable data, so it's no wonder they are one of attackers' preferred targets. C-suite execs often pressure IT teams to make security exceptions for them: The C-suite is the most likely group within an organization to ask for relaxed mobile security protocols, despite also being highly targeted by malicious cyberattacks, according to MobileIron.
A new version of the Sarwent malware can open the Remote Desktop Protocol port on target Windows computers to make sure that crooks can find their way back into the system through the backdoor. It can create a new Windows user account, enable the RDP service for it, and make changes to the Windows firewall so that RDP access to the infected machine is allowed.
A new report by cyber threat intelligence provider Check Point illustrates a specific type of attack known as Reverse RDP. In a blog post published Thursday, Check Point explained how a Reverse RDP attack works. At Black Hat 2019, Check Point researchers revealed the Reverse RDP vulnerability, proving that a malware-infected remote computer could take over any client PC that connects to it.
Remember the Reverse RDP Attack, wherein a client system vulnerable to a path traversal vulnerability could get compromised when remotely accessing a server over Microsoft's Remote Desktop Protocol? Though Microsoft had patched the vulnerability as part of its July 2019 Patch Tuesday update, it turns out researchers were able to bypass the patch just by replacing the backward slashes in paths with forward slashes.
According to Kaspersky, the number of brute-force RDP attacks has rocketed all around the world. At the beginning of March, the security company was observing RDP attempts in the low hundreds of thousands per country, per day, but the volume grew to nearly 1 million attacks per day toward the end of the month in some countries.
Not unexpectedly, enterprise VPN use has also greatly increased, and so has the use of the Remote Desktop Protocol, a popular and common means for remotely managing a computer over a network connection. The number of devices exposing RDP to the internet on standard ports has grown by 41.5 percent over the past month.