
THE SERVICES THAT WERE USED FOR RANSOMWARE INFECTION?


Ransomware Infection – In the first half of 2020, ransomware operators heavily targeted vulnerabilities in Citrix and Pulse Secure VPN software to infiltrate corporate networks, while some ransomware targets vulnerable or risky Windows Remote Desktop Protocol (RDP) services.

Ransomware attacks targeting the business sector reached an all-time high in the first half of 2020.

The most popular attack methods used by ransomware operators in the first half of 2020 are as follows:

  • exploiting insecure RDP services,
  • organizing email phishing attacks,
  • and exploiting corporate VPN tools.

1- RDP – The Number One On The List of Ransomware Infection

At the top of this list is Remote Desktop Protocol (RDP). According to reports from Coveware, Emsisoft and Recorded Future, the RDP service qualifies as the most popular attack target in 2020, and RDP is the source of most ransomware cases.

“Today RDP is seen as the biggest attack vector for ransomware,” said cybersecurity firm Emsisoft last month as part of a guide to securing the RDP service against ransomware hacker groups.

Statistics from Coveware, a company that provides incident response and protection against ransomware, confirm this assessment. Coveware’s research this year shows that the most popular entry point used by ransomware to infect a device is the RDP service.


RDP is today’s best technology for connecting to remote servers, and there are millions of computers with RDP ports, making RDP a great attack vector not only for malware infection but for all types of malicious cyber activity.

Today, attackers scan the internet for systems reachable over RDP and perform brute-force attacks on the endpoints they detect.

Systems that use weak username and password combinations are compromised by these brute-force attacks, and access to them is put up for sale on the dark web.
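One way to spot the brute-force pattern described above on your own RDP hosts, as an added example that is not part of the original article: count failed remote logons per source address in a sliding time window. The record layout, addresses and threshold are constructed for illustration; event ID 4625 and logon types 3 and 10 are the standard Windows values for failed logons over the network and via Remote Desktop.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: failed-logon records in the shape of Windows Security
# event 4625 (time, event id, logon type, source IP, target user).
SAMPLE_EVENTS = """\
2020-07-01T02:00:01,4625,3,203.0.113.7,administrator
2020-07-01T02:00:03,4625,3,203.0.113.7,admin
2020-07-01T02:00:05,4625,3,203.0.113.7,backup
2020-07-01T02:00:08,4625,10,203.0.113.7,administrator
2020-07-01T02:00:11,4625,3,203.0.113.7,sqlsvc
2020-07-01T02:00:12,4624,10,198.51.100.20,jsmith
2020-07-01T09:15:00,4625,10,198.51.100.20,jsmith
2020-07-01T13:40:00,4625,10,198.51.100.20,jsmith
"""

FAILED_LOGON = "4625"
REMOTE_LOGON_TYPES = {"3", "10"}  # network (RDP with NLA) and RemoteInteractive


def find_bruteforce_sources(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {source_ip: sorted usernames tried} for every source that reaches
    `threshold` failed remote logons inside a sliding `window`.
    Records are assumed to be in chronological order."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    users = defaultdict(set)     # ip -> every username that source has tried
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, ip, user = line.strip().split(",")
        if event_id != FAILED_LOGON or logon_type not in REMOTE_LOGON_TYPES:
            continue  # successful logons and local logon types are not counted
        now = datetime.fromisoformat(ts)
        q = recent[ip]
        q.append(now)
        users[ip].add(user.lower())
        while q and now - q[0] > window:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= threshold:
            flagged[ip] = sorted(users[ip])
    return flagged


if __name__ == "__main__":
    for ip, tried in find_bruteforce_sources(SAMPLE_EVENTS).items():
        print(f"possible RDP brute force from {ip}: usernames tried {tried}")
```

A single source cycling through several account names in seconds is flagged, while the user who mistypes a password twice over a working day is not.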

2- Social Engineering – The Second On The List of Ransomware Infection

Attackers use RDP and unsecured VPN services to infect victims’ operating systems with malware; however, human weakness is at the top of our list. Companies invest heavily in email security these days, but attackers find and develop new types and methods of attack every day. End users therefore play a significant role in mitigating ransomware attacks.

Human Deception Method

Attackers prepare malicious emails that will bypass all security systems and send them to users. Users may click the malicious links or run the malicious attachments. To mislead users, the attackers use spear-phishing or BEC attacks so that the messages look more genuine, and to that end they can include additional files in the fake emails. Once users are manipulated, the attacker encrypts all files on the system irreversibly and demands a ransom from the user in return.

How To Stop Ransomware Infection?

RDP and VPN Services

RDP ports on servers or personal computers in the company’s internal network should not be opened to external networks unless external access is required. If a connection from an external network is required, the remote device must be brought into the internal network through a VPN and the connection must be encrypted. Where the institutional structure requires RDP to be open directly to the external network, the operating system should be kept up to date and the RDP connection credentials (username and password) must be difficult to crack. Passwords must be at least 10 characters long and contain uppercase letters, special characters, and numbers.

Strong encryption should be used by the VPN applications and services that connect to the institution’s internal network, VPN connections made from different locations should be monitored, and alerting should be set up for them. We also recommend keeping the VPN service up to date against security vulnerabilities.
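The location monitoring recommended above, as an added example that is not from the original article: alert when a user's VPN session comes from a country not seen before for that account, and raise the severity when it closely follows the previous session. The session records, user names, country field and six-hour threshold are assumptions made for the example.

```python
from datetime import datetime, timedelta

# Constructed sample VPN session log: time, user, source IP, country code.
# The country field is assumed to be supplied by the VPN gateway or a GeoIP
# enrichment step; this example does not perform the lookup itself.
SAMPLE_SESSIONS = [
    ("2020-07-01T08:00:00", "alice", "198.51.100.10", "TR"),
    ("2020-07-01T08:05:00", "bob", "198.51.100.44", "GB"),
    ("2020-07-01T17:30:00", "alice", "198.51.100.10", "TR"),
    ("2020-07-01T19:00:00", "alice", "203.0.113.99", "BR"),
    ("2020-07-09T09:00:00", "bob", "192.0.2.15", "DE"),
]


def location_alerts(sessions, rapid=timedelta(hours=6)):
    """Return (user, severity, previous_country, new_country, ip, time) for each
    session from a country the account has not used before. Severity is
    "high" when the change happens within `rapid` of the previous session,
    otherwise "review"."""
    last_seen = {}  # user -> (time, country) of the most recent session
    known = {}      # user -> set of countries seen so far
    alerts = []
    for ts, user, ip, country in sorted(sessions):  # ISO timestamps sort by time
        now = datetime.fromisoformat(ts)
        seen = known.setdefault(user, set())
        if seen and country not in seen:
            prev_time, prev_country = last_seen[user]
            severity = "high" if now - prev_time <= rapid else "review"
            alerts.append((user, severity, prev_country, country, ip, ts))
        # The first session of an account only establishes its baseline.
        seen.add(country)
        last_seen[user] = (now, country)
    return alerts


if __name__ == "__main__":
    for user, severity, old, new, ip, ts in location_alerts(SAMPLE_SESSIONS):
        print(f"[{severity}] {user}: {old} -> {new} from {ip} at {ts}")
```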

Cyber Security Awareness Training, Email Threat Simulation, and Anti-phishing Solution

When malicious attack vectors are sent to users via email, it is important to determine how your email services and security solutions react to these attacks. You must know whether your email security solutions are configured correctly or not.

By performing email threat simulations at regular intervals, you can test your email services and their vulnerability levels. Keepnet Labs Email Threat Simulator can test your security mechanisms by sending more than 500 real-world email attack vectors to your institution’s test email address in a secure environment.

Email Threat Simulator provides you with a report by testing all your security solutions such as sandbox, anti-spam and firewall. In this report, you can observe which types of attacks you are most vulnerable to and strengthen your security structure with suggestions.

With the Keepnet Labs Phishing Simulator and Awareness Educator modules, you can measure the level of awareness of your employees and improve their awareness using our multi-level cyber security awareness training library. No matter how much investment is made in security devices, human awareness is equally important.

This blog post was published at www.keepnetlabs.com.
