RDP Archives - Cyber Security Minute

Password Report: Honeypot Data Shows Bot Attack Trends Against RDP, SSH

Issued by: Security Week

An analysis of data collected by Rapid7’s RDP and SSH honeypots between September 10, 2021, and September 9, 2022, found tens of millions of connection attempts. The honeypots captured 215,894 unique IP source addresses and 512,002 unique passwords across RDP and SSH honeypots. Almost all the passwords (99.997%) can be found in rockyou2021.txt. In 2009,…

Software Security

Microsoft clamps down on RDP brute-force attacks in Windows 11

Issued by: Malwarebytes

It wasn’t so long ago that we were wondering what improvements Windows 11 would make in the security stakes. Well, we haven’t had to wait too long to find out. Windows 11 build 22528.1000 and up will tackle one of the more common entry points for network intruders. Namely, trying to prevent the brute forcing…

Cloud Security

How Advances in Cloud Security Can Help with Ransomware

Issued by: CIO Security

The ransomware scourge continues, with incidents hitting a U.S. record in the second quarter of 2021, as attackers expand into vertical industries and target critical infrastructure. Ransom demands have also been growing. According to IT Governance, the average decryption key rate from attackers is $140,000 yet many organizations end up paying much more than that….

Mobile Security

RDP brute force attacks explained

Issued by: Blog Malwarebytes

While you read these words, the chances are that somebody, somewhere, is trying to break in to your computer by guessing your password. If your computer is connected to the Internet it can be found, quickly, and if it can be found, somebody will try to break in. And it isn’t like the movies. The…

Malware & Threats

LemonDuck no longer settles for breadcrumbs

Issued by: Blog Malwarebytes

LemonDuck has evolved from a Monero cryptominer into LemonCat, a Trojan that specializes in backdoor installation, credential and data theft, and malware delivery, according to the Microsoft 365 Defender Threat Intelligence Team, which explained their findings in a two-part story [1][2] on the Microsoft Security blog. LemonDuck Trojan.LemonDuck has always been an advanced cryptominer that…

Vulnerabilities

‘Hades’ Ransomware Hits Big Firms, but Operators Slow to Respond to Victims

Issued by: Security Week

Initially observed in December 2020, the self-named Hades ransomware (a different malware family from the Hades Locker ransomware that emerged in 2016) employs a double-extortion tactic, exfiltrating victim data and threatening to leak it publicly unless the ransom is paid. The adversary appears mainly focused on enterprises, with some of the victims being multi-national organizations…

Malware & Threats

Enterprises Warned of Growing Risk Posed by Initial Access Brokers

Issued by: Security Week

Initial access brokers breach as many organizations as they can, but instead of using that access to steal data or cause disruption themselves, they sell access to other threat actors, including ransomware operators and nation-state groups. Digital Shadows has been monitoring initial access brokers for years, but the company says the coronavirus pandemic that hit…

Malware & Threats

A week in security (February 15 – February 21)

Issued by: Blog Malwarebytes

Last week on Malwarebytes Labs, the spotlight fell on the State of Malware 2021 report, wherein we have seen cyberthreats evolve. We also touched on ransomware, such as Egregor and a tactic known as Remote Desktop Protocol (RDP) brute forcing that has long been part of the ransomware operators’ toolkit; insider threats, such as what…

Network Security

2021 will overburden already stressed infosec teams

Issued by: Help Net Security

The year 2020 has given us a contentious U.S. election, a global economic crisis, and most notably a global pandemic. Disinformation has wreaked havoc in our ability to discern fact from truth, ransomware has been delivering ever more serious consequences, and insider leaks continue to validate privacy concerns despite increased adoption of privacy laws across…

Network Security

What is an RDP attack? 7 tips for mitigating your exposure

Issued by: CSO

Microsoft’s Remote Desktop Protocol (RDP) is used for remotely connecting to Windows systems. In an RDP attack, criminals look for unsecured RDP services to exploit and access enterprise networks. It’s frighteningly easy to do so because many organizations fail to secure RDP services against improper access. Over the past year, RDP has become the top…