Security News

The COVID-19 pandemic continued to influence the cybercrime landscape in 2020, ESET reveals. Most notably, the new attack surface created by the shift to work from home brought further growth of Remote Desktop Protocol attacks, albeit at a slower rate compared to previous quarters.

Netscout so far has identified more than 14,000 "Abusable" Windows RDP servers that can be misused by attackers in DDoS attacks-troubling news at a time when this type of attack is on the rise due to the increased volume of people online during the ongoing coronavirus pandemic. What's more, while initially only advanced attackers with access to "Bespoke DDoS attack infrastructure" used this method of amplification, researchers also observed RDP servers being abused in DDoS-for-hire services by so-called "Booters," they said.

Windows admins can configure RDP to run on TCP port 3389 or UDP port 3389, and if the latter is enabled, the system can be abused to launch DDoS attacks that have an amplification ratio of 85.9:1. The company has reported seeing roughly 14,000 unprotected RDP servers that can be abused for such attacks.

"As a result of COVID-19 and associated global trends, demand for malicious and illicit goods, services and data have reached new peak highs across dark web marketplaces," said researchers in a Friday analysis. Upon a deep-dive investigation into the underground marketplace, researchers found that the pricing for stolen payment cards has soared in 2020; jumping from $14.64 in 2019 to $20.16 in 2020.

Guidewire Software announced a new Remote Desktop Protocol, Exposure Signal, for its Guidewire Cyence for Cyber product. Cyberattacks against Internet-exposed RDP servers are surging, and Exposure Signal is designed to detect on-demand whether a company's RDP has been exposed to the internet and a potential cyberattack.

The COVID-19 pandemic has apparently resulted in industrial systems being increasingly targeted by malicious actors through brute-force attacks on the Remote Desktop Protocol, Kaspersky reported on Thursday. Kaspersky's report on the industrial threat landscape for the first half of 2020 reveals that the number of attacks aimed at RDP on industrial computers increased steadily between February and May. The cybersecurity firm has seen brute-force attacks against RDP passwords on 0.16% of the industrial control systems it protected in February and 0.33% in May. The percentage dropped slightly in June, but still remained at an above average level.

While the ransomware was previously used by advance persistent threat actors, its source code surfaced in March 2020, making it available to a wider breadth of attackers. "The fact Dharma source code has been made widely available led to the increase in the number of operators deploying it," Oleg Skulkin, senior digital forensics specialist with Group-IB, said in an analysis of the attacks posted Monday.

Spotted by security firm Nuspire, one campaign that has resurfaced lately grabs RDP credentials or access and then sells them on underground forums. Active on several underground forums and communities, TrueFighter specializes in the sale of compromised RDP accounts through which buyers gain remote administrative access to the networks of affected organizations.

Application threats and security trends you need to know aboutApplications are a gateway to valuable data, so it's no wonder they are one of attackers' preferred targets. C-suite execs often pressure IT teams to make security exceptions for themThe C-suite is the most likely group within an organization to ask for relaxed mobile security protocols - despite also being highly targeted by malicious cyberattacks, according to MobileIron.

A new version of the Sarwent malware can open the Remote Desktop Protocol port on target Windows computers to make sure that crooks can find their way back into the system through the backdoor. Create a new Windows user account, enable the RDP service for it, and make changes to the Windows firewall so that RDP access to the infected machine is allowed.