Tag Archive for: present

RDP Abuse Present in 90% of Ransomware Breaches


Remote desktop protocol (RDP) compromise has reached record levels in ransomware attacks, according to new data from Sophos.

The UK-based security vendor analyzed 150 of its incident response cases from 2023 and found that RDP abuse featured in 90% of them, giving threat actors remote access to Windows environments.

Sophos described the rate of RDP abuse as “unprecedented” and said it partially explained why “external remote services” were the most popular way for threat actors to gain initial access in ransomware attacks – accounting for 65% of cases last year.

In one case, attackers successfully compromised the same victim four times within six months via exposed RDP ports. Once inside, they were able to move laterally through its networks, downloading malicious binaries, disabling endpoint protection and establishing remote access, Sophos said.

RDP offers several advantages for ransomware actors:

  • It is extremely popular among network administrators
  • Attackers can abuse it for remote access without setting off any AV or EDR alarms
  • It offers an easy-to-use GUI
  • The service is often misconfigured, meaning it is publicly exposed and protected only with easy-to-crack credentials
  • Highly privileged accounts are sometimes used for RDP, amplifying the damage that can be done
  • Administrators often disable security features such as Network Level Authentication
  • Many organizations forget to segment their networks, which helps RDP attackers


“External remote services are a necessary, but risky, requirement for many businesses. Attackers understand the risks these services pose and actively seek to subvert them due to the bounty that lies beyond,” argued John Shier, Sophos field CTO.

“Exposing services without careful consideration and mitigation of their risks inevitably leads to compromise. It doesn’t take long for an attacker to find and breach an exposed RDP server, and without additional controls, neither does finding the Active Directory server that awaits on the other side.”


The Past, Present and Future of Endpoint Management Solutions


Endpoint management is a simple concept that has become more complex over time. Initially, it was about provisioning and managing the computers and devices that people use in your organization, in the bring your own device (BYOD) and mobile computing era. Then the Internet of Things (IoT) made things far more complex. And now perimeter security is being replaced by zero trust. The evolution of endpoint management is a story of tackling ever-increasing complexity.

In today’s complex world, you need a great unified endpoint management (UEM) solution.

Under the UEM umbrella, mobile device management (MDM) and enterprise mobility management (EMM) enable UEM for mobile and IoT devices, which is really the core of UEM in a remote and hybrid world.

This was not always the case. In the past, UEM, MDM and EMM were separate worlds of tools, practices and policies. In recent years, though, they have been merging into a single area under the UEM category.

Of course, zero trust is a methodology, architecture and even a mindset — not a technology or specific set of tools. But UEM is strongly associated with zero trust because that approach calls for managing many aspects of every device in the organization, at massive scale.

Here Comes the Zero Trust Imperative

It’s a cliché to say that zero trust replaces perimeter security, but this is somewhat misleading on two counts. First, it’s not really about trust, per se. You may ‘trust’ any specific employee, or their device, but they still don’t get access without proper authentication. Second, a perimeter still exists, and that perimeter is every endpoint. In other words, for attackers, every endpoint is a door. The zero trust approach makes sure every door stays locked. The person knocking on that door has to prove they are an authorized user, running authorized software, on an approved device. The security dimension of UEM is, in essence, the process of watching those doors at scale.

That idea is conceptually simple. But watching the door really means making sure the lock is up to date and configured correctly, that the activity around that door looks normal, that any abnormal activity is investigated and that…


Cybercrime: A clear and present danger

Published by Security Magazine.

Researcher Details Three Zero-Day Exploits Still Present In iOS 15


Software updates usually bring bug fixes and security patches. Unfortunately for iOS 15, it appears that Apple has shipped the release with three zero-day vulnerabilities still unpatched, despite having been warned about them in advance. This is according to a post by an anonymous security researcher, shared and verified by Kosta Eleftheriou.

According to the post, “I’ve reported four 0-day vulnerabilities this year between March 10 and May 4, as of now three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it up and not list it on the security content page.” 

They add, “When I confronted them, they apologized, assured me it happened due to a processing issue and promised to list it on the security content page of the next update. There were three releases since then and they broke their promise each time.” 

The researcher then gave Apple the courtesy of an opportunity to respond and provide an explanation, warning that otherwise the information would be made public. Apple evidently did not respond, which is why those vulnerabilities have since been disclosed.

The vulnerabilities are somewhat technical, but they are explained on the researcher’s blog, so if you’re curious to learn more you can check it out there. Apple has yet to respond to the post, but given that these flaws are now public and potentially exploitable by attackers who know about them, hopefully they will be patched as soon as possible.

Source: macrumors
