Security News

Iran-Linked ‘Newbie’ Hackers Spread Dharma Ransomware Via RDP Ports
2020-08-24 15:23

While the ransomware was previously used by advanced persistent threat actors, its source code surfaced in March 2020, making it available to a wider breadth of attackers. "The fact Dharma source code has been made widely available led to the increase in the number of operators deploying it," Oleg Skulkin, senior digital forensics specialist with Group-IB, said in an analysis of the attacks posted Monday.

How one attack campaign steals and sells RDP credentials
2020-08-17 17:08

Spotted by security firm Nuspire, one campaign that has resurfaced lately grabs RDP credentials or access and then sells them on underground forums. Active on several underground forums and communities, TrueFighter specializes in the sale of compromised RDP accounts through which buyers gain remote administrative access to the networks of affected organizations.

Week in review: Windows RDP backdoor, GDPR enforcement, application threats and security trends
2020-05-31 07:00

Application threats and security trends you need to know about: Applications are a gateway to valuable data, so it's no wonder they are one of attackers' preferred targets.

C-suite execs often pressure IT teams to make security exceptions for them: The C-suite is the most likely group within an organization to ask for relaxed mobile security protocols, despite also being highly targeted by malicious cyberattacks, according to MobileIron.

Malware opens RDP backdoor into Windows systems
2020-05-26 10:37

A new version of the Sarwent malware can open the Remote Desktop Protocol port on target Windows computers to make sure that crooks can find their way back into the system through the backdoor. The malware can create a new Windows user account, enable the RDP service for it, and make changes to the Windows firewall so that RDP access to the infected machine is allowed.

Reverse RDP attacks: How to protect your organization
2020-05-14 13:48

A new report by cyber threat intelligence provider Check Point illustrates a specific type of attack known as Reverse RDP. In a blog post published Thursday, Check Point explained how a Reverse RDP attack works. At Black Hat 2019, Check Point researchers revealed the Reverse RDP vulnerability, proving that a malware-infected remote computer could take over any client PC that connects to it.

Improper Microsoft Patch for Reverse RDP Attacks Leaves 3rd-Party RDP Clients Vulnerable
2020-05-14 03:24

Remember the Reverse RDP Attack, wherein a client system vulnerable to a path traversal vulnerability could get compromised when remotely accessing a server over Microsoft's Remote Desktop Protocol? Though Microsoft had patched the vulnerability as part of its July 2019 Patch Tuesday update, it turns out researchers were able to bypass the patch just by replacing the backward slashes in paths with forward slashes.

COVID-19 Lockdown Fuels Increase in RDP Attacks
2020-04-30 13:06

According to Kaspersky, the number of brute-force RDP attacks has rocketed all around the world. At the beginning of March, the security company was observing in the low hundreds of thousands of RDP attempts per country, per day, but the volume grew to nearly 1 million attacks per day toward the end of the month, in some countries.

RDP and VPN use soars, increasing enterprise cyber risk
2020-03-30 11:13

Not unexpectedly, enterprise VPN use has also greatly increased, and so has the use of the Remote Desktop Protocol, a popular and common means for remotely managing a computer over a network connection. The number of devices exposing RDP to the internet on standard ports has grown by 41.5 percent over the past month.

RDP-Capable TrickBot Targets Telecoms Sectors in U.S. and Hong Kong
2020-03-19 14:21

A recently discovered TrickBot variant targeting telecommunications organizations in the United States and Hong Kong includes a module for remote desktop protocol brute-forcing, Bitdefender reports. Now, its operators apparently added a new rdpScanDll module to the threat, to brute-force RDP for a specific list of victims.

TrickBot Trojan Adds RDP Brute-Forcing to Its Arsenal
2020-03-18 17:22

The TrickBot malware has added a new feature: A module called rdpScanDll, built for brute-forcing remote desktop protocol accounts. TrickBot is a malware strain that has been around since 2016, starting life as a banking trojan.