In the first half of 2020, ransomware attacks have become more prevalent and received more attention than ever before. There are a number of different ransomware families in the wild, and most sophisticated threat actors have adapted their variants to their attack plan. Some steal additional data and exfiltrate it to C2 servers while encrypting everything, others drop additional malware in the network for lateral movement, and the more sophisticated groups even offer customer support for their ransomware. What they all have in common is that they let the victim know very quickly that they are infected, and then everyone's life gets a lot harder.

Since most people are working remotely during the current pandemic, it is no surprise that Remote Desktop Protocol (RDP) is the number one attack vector for ransomware these days. RDP was already a popular attack vector in 2019 due to the lack of security and the misconfiguration of many of these devices, but the current work-from-home situation has made it even more popular. A Shodan scan from this week reveals that more than 3.8 million devices with RDP enabled are connected directly to the internet, and darknet sites often sell weak credentials and compromised data to help attackers gain access to these systems. Researchers report that over 50% of all ransomware attacks were initiated via RDP. Email phishing, a very popular attack vector that was at the top of the list for a very long time, has moved to the number two spot.

Work from home is the new paradigm that requires employees to complete their work-related tasks through remote internet connections. This new "telework" model provides many benefits to employees, including geographic freedom, the elimination of commuting, and more flexible schedules. When emergencies happen that shift employees out of the office, organizations need solutions that enable business continuity and support employees as they work from alternate locations. The transition to the teleworker model opens users and companies up to myriad security threats, including malware, all forms of phishing attacks, and many more. Ashco's cyber security solutions and services address remote worker scenarios with three primary levels of connectivity. If you have technical questions or need assistance, contact us at info@ashcosystems.com

Zivif.PR115-204-P-RS.Web.Cameras.Remote.Command.Injection: CVE-2017-17105 indicates an attack attempt to exploit a Remote Command Injection vulnerability in the Zivif PR115-204-P-RS Web Camera. The vulnerability is due to insufficient sanitization of user-supplied input. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application via a crafted HTTP request. The affected products are Zivif PR115-204-P-RS V2.3.4.2103 and earlier. The impact can lead to remote attackers gaining control of vulnerable systems.

Lazarus Targets Cryptocurrency Vertical:
The weakest link in cyberspace is usually the human factor. Most security incidents in corporate environments happen due to human mistakes. To be fair, though, phishing and spear-phishing attacks are getting more and more sophisticated, so it is not always easy to spot them immediately. The rise of social media has only added opportunities for attackers to gather information about their victims and use it in phishing attacks. This is illustrated by an interesting report released by researchers about the Lazarus group targeting the cryptocurrency vertical. It all starts with administrators at the targeted organizations receiving a phishing document via their personal LinkedIn account. The document masquerades as a job advertisement from a blockchain company (Lazarus targets people whose LinkedIn profiles show these skills). The attached malicious document claims to be protected by the General Data Protection Regulation (GDPR) and asks the user to enable content in Word to access the full document. Once the victim falls for it, the embedded malicious macro executes and downloads a PowerShell script from a C2 server.

Duri Campaign Leverages HTML and JavaScript:
Security researchers have recently discovered a new attack campaign that uses HTML smuggling techniques to evade detection and download malware to the victim's machine. When the victim clicks on the link, normally sent through spam or phishing emails, the page is redirected multiple times before landing on an HTML page, usually hosted on a Dynamic DNS domain. The landing page reconstructs the malicious payload from Base64-encoded data hidden in the page's JavaScript. A ZIP file is then generated dynamically from that data and downloaded to the victim's machine. Because the payload is only assembled inside the victim's browser, nothing recognisable as a malicious file crosses the network, which lets the attacker evade file sandbox and firewall detection.
Our Research & Insights:
Whitepaper: Effective Cyber Security Strategies During Covid-19 Pandemic
Whitepaper: The Essential Guide to Security Remote Access
Secure Devops: How to make security integral to your Devops process?
E-Book: Effective Security Strategies for Devops and Application Services
E-Book: How to Build a Next Generation Security Operations Center
Validate your organization's cloud security and compliance posture using our Cloud Security Assessment.