The Services Used For Ransomware Infection
Orhan Sari
Ransomware Infection – While ransomware operators heavily targeted vulnerabilities in Citrix and Pulse Secure VPN software to get into corporate networks in the first half of 2020, a large share of ransomware still arrives through exposed or poorly secured Windows Remote Desktop Protocol (RDP) services.
Ransomware attacks against the business sector reached an all-time high in the first half of 2020.
The most common intrusion methods used by ransomware operators in the first half of 2020 were the following.
- Exploiting insecure RDP services,
- email phishing campaigns,
- and exploitation of corporate VPN appliances.
1- RDP – The Number One On The List of Ransomware Infection
At the top of this list is Remote Desktop Protocol (RDP). According to reports from Coveware, Emsisoft and Recorded Future, RDP was the most popular attack target in 2020 and the initial access point in the majority of ransomware cases.
“Today RDP is seen as the biggest attack vector for ransomware,” cybersecurity firm Emsisoft said last month in a guide to securing RDP against ransomware groups.
Statistics from Coveware, a company that provides ransomware incident response and protection, confirm this assessment: in Coveware’s research this year, RDP is the most common entry point used to plant ransomware on a device.
RDP is the standard way of administering Windows servers remotely, and millions of machines expose an RDP port to the internet. That makes it an attractive vector not only for ransomware but for every kind of malicious activity.
Attackers scan the internet for open RDP ports (TCP 3389 by default) and then run brute-force attacks against the hosts they find.
Hosts protected only by weak username and password combinations are compromised this way, and the resulting access is often sold on dark-web marketplaces to ransomware operators.
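The brute-force pattern described above is easy to spot in a Windows Security log once you know what to look for: failed-logon events (Event ID 4625) with logon type 10 (RemoteInteractive, i.e. RDP) arriving in a burst from one source address and cycling through many usernames. The following is an added example, not code from the article or from any of the vendors it cites; the event records are constructed, and the threshold and window are assumptions to tune for your environment.

```python
"""Flag RDP password guessing from Windows failed-logon events.

Added example with constructed records; it is not part of the article.
A real deployment would feed in Event ID 4625 (failed logon) entries from
the Security log. Logon type 10 (RemoteInteractive) is what an RDP
session attempt produces, so other logon types are ignored.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

RDP_LOGON_TYPE = 10  # Event 4625 "Logon Type" for RemoteInteractive (RDP)

# Constructed sample events: (timestamp, logon type, target account, source IP).
# One address tries six different usernames in eight seconds; a real user
# mistypes twice; a service account fails over the network (type 3), not RDP.
SAMPLE_EVENTS = [
    ("2020-06-01T02:00:01", 10, "administrator", "203.0.113.7"),
    ("2020-06-01T02:00:03", 10, "admin", "203.0.113.7"),
    ("2020-06-01T02:00:04", 10, "backup", "203.0.113.7"),
    ("2020-06-01T02:00:06", 10, "scanner", "203.0.113.7"),
    ("2020-06-01T02:00:07", 10, "test", "203.0.113.7"),
    ("2020-06-01T02:00:09", 10, "sqladmin", "203.0.113.7"),
    ("2020-06-01T02:01:00", 10, "jsmith", "198.51.100.22"),
    ("2020-06-01T02:05:00", 10, "jsmith", "198.51.100.22"),
    ("2020-06-01T02:06:00", 3, "svc_backup", "192.0.2.14"),
    ("2020-06-01T02:06:01", 3, "svc_backup", "192.0.2.14"),
    ("2020-06-01T02:06:02", 3, "svc_backup", "192.0.2.14"),
    ("2020-06-01T02:06:03", 3, "svc_backup", "192.0.2.14"),
    ("2020-06-01T02:06:04", 3, "svc_backup", "192.0.2.14"),
]


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: {"failures": n, "accounts": [...]}} for every source
    that produced at least `threshold` failed RDP logons inside any `window`.

    A sliding window per source address is used so that a few spread-out
    typos from a legitimate user stay below the threshold while a burst from
    one scanner crosses it. The distinct target accounts are reported because
    cycling through many usernames is the signature of internet-wide RDP
    scanning rather than of a forgotten password.
    """
    recent = defaultdict(deque)   # source IP -> timestamps inside the window
    accounts = defaultdict(set)   # source IP -> usernames tried
    hits = {}
    for ts, logon_type, account, src in sorted(events):
        if logon_type != RDP_LOGON_TYPE:
            continue
        now = datetime.fromisoformat(ts)
        q = recent[src]
        q.append(now)
        accounts[src].add(account)
        while q and now - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            peak = max(len(q), hits.get(src, {}).get("failures", 0))
            hits[src] = {"failures": peak, "accounts": sorted(accounts[src])}
    return hits


if __name__ == "__main__":
    for src, info in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(f"{src}: {info['failures']} failed RDP logons, "
              f"accounts tried: {', '.join(info['accounts'])}")
```

In production the same logic runs over events pulled from the Security log or a SIEM rather than a hard-coded list; the important design points are filtering on logon type 10 so that network and service logons do not create noise, and counting per source address over a sliding window so that a single user's typos are not mistaken for a scanner.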
2- Social Engineering – The Second On The List of Ransomware Infection
Attackers use exposed RDP and unpatched VPN services to get malware onto victims’ systems, but human weakness still ranks high on our list. Companies invest heavily in email security, yet attackers keep finding new attack types and methods. End users therefore play a significant role in stopping ransomware.
Human Deception Method
Attackers craft malicious emails designed to slip past the security stack and deliver them straight to users, who may click a malicious link or open a malicious attachment. To make the message convincing, attackers use spear-phishing or business email compromise (BEC) techniques and often add supporting attachments that look like genuine business documents. Once a user is tricked, the ransomware encrypts the files on the system so that they cannot be recovered without the attacker’s key, and a ransom is demanded in return.
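Several of the tricks described above leave traces in the message itself: a display name that claims one domain while the real sender is another, a Reply-To pointing elsewhere, link text showing a trusted URL while the href goes to a different host, and an attachment with a double extension such as .pdf.exe. The following is an added example of such heuristic checks, not code from the article or from Keepnet Labs; the sample message is constructed, and the list of risky extensions is an assumption you would extend for your own environment.

```python
"""Heuristic checks for common phishing tells in a raw email.

Added example; the message below is constructed and is not from the
article. Uses only the standard library so it runs offline.
"""
import os
import re
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed list of extensions that should never arrive as a business attachment.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".jar",
                    ".docm", ".xlsm", ".iso", ".lnk"}

# Constructed phishing sample: spoofed display name, foreign Reply-To,
# link text that does not match the href, and a .pdf.exe attachment.
SAMPLE_EMAIL = b"""\
From: "Accounts Payable <ap@example-corp.com>" <billing@examp1e-corp.net>
Reply-To: invoices@mail-relay.example.org
To: staff@example-corp.com
Subject: Overdue invoice 4471 - action required
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Please review the invoice at
<a href="http://198.51.100.9/login">https://portal.example-corp.com/invoices</a>.</p></body></html>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Invoice_4471.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
--b1--
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyze_email(raw: bytes):
    """Return a list of (finding, detail) tuples for the suspicious traits found."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    sender = msg["From"].addresses[0]
    from_domain = sender.domain.lower()

    # 1. Display name carrying an address from a different domain than the sender.
    claimed = re.search(r"@([A-Za-z0-9.-]+)", sender.display_name)
    if claimed and claimed.group(1).lower() != from_domain:
        findings.append(("display-name-spoof",
                         f"shows {claimed.group(1)}, really from {from_domain}"))

    # 2. Reply-To redirecting answers to another domain.
    if msg["Reply-To"]:
        rt_domain = msg["Reply-To"].addresses[0].domain.lower()
        if rt_domain != from_domain:
            findings.append(("reply-to-mismatch", f"replies go to {rt_domain}"))

    # 3. Link text that displays one URL while the href points at another host.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for href, text in collector.links:
            if text.lower().startswith(("http://", "https://")):
                if urlparse(href).hostname != urlparse(text).hostname:
                    findings.append(("link-text-mismatch", f"shows {text}, goes to {href}"))

    # 4. Executable or double-extension attachments.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        stem, ext = os.path.splitext(name.lower())
        if ext in RISKY_EXTENSIONS:
            findings.append(("risky-attachment", name))
        if os.path.splitext(stem)[1]:
            findings.append(("double-extension", name))
    return findings


if __name__ == "__main__":
    for kind, detail in analyze_email(SAMPLE_EMAIL):
        print(f"{kind}: {detail}")
```

None of these checks is proof of phishing on its own (legitimate mail sometimes uses a third-party Reply-To, for instance), which is why the function returns every trait it finds and leaves scoring to the caller; in a mail gateway the findings would feed a quarantine decision alongside SPF/DKIM/DMARC results.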
RDP and VPN Services
RDP ports of servers and workstations on the company’s internal network should not be exposed to the internet unless there is a genuine need. Where remote access is required, the connecting host should first join the internal network over an encrypted VPN and reach RDP from there. If organisational constraints mean RDP must face the internet directly, the operating system must be kept fully patched and the RDP credentials (username and password) must be hard to crack: passwords should be at least 10 characters long and contain uppercase letters, special characters and numbers. Restricting the RDP port to known source addresses at the firewall, enabling Network Level Authentication and configuring account lockout further limit what a brute-force attacker can achieve.
The VPN services used to reach the internal network should be configured with strong encryption, VPN logins from unusual locations should be monitored and alerted on, and the VPN software itself should be kept up to date, since unpatched VPN appliances were among the most exploited entry points of 2020.
When attackers send malicious emails to your users, it is important to know how your email services and security solutions react to them, and whether those solutions are actually configured correctly.
By running email threat simulations at regular intervals you can measure how exposed your email services are. Keepnet Labs Email Threat Simulator tests your security mechanisms by sending more than 500 real-world email attack vectors to a test mailbox in your organisation, in a controlled environment.
Email Threat Simulator then produces a report covering all the security solutions in the path, such as sandbox, anti-spam and firewall. The report shows which attack types you are most vulnerable to and suggests how to strengthen your defences.
With the Keepnet Labs Phishing Simulator and Awareness Educator modules you can measure your employees’ level of awareness and improve it with a multi-level security awareness training library. However much is invested in security devices, human awareness matters just as much.