Some 90% of cyber-attacks investigated by a top security vendor over the past 12 months included abuse of the Remote Desktop Protocol (RDP), and ransomware featured in 81%.
The figures come from the new Active Adversary Playbook 2021, compiled by Sophos from the experiences of its frontline threat hunters and incident responders.
It revealed that, although RDP is commonly used to gain initial access to target organizations, particularly in ransomware attacks, it was also hijacked by attackers in 69% of incidents for lateral movement.
Techniques such as using VPNs and multi-factor authentication (MFA), which focus on preventing unauthorized external access to RDP, will not work if the attacker is already inside the network, Sophos warned.
In fact, it seems that attackers are increasingly capable of slipping past perimeter defenses to infiltrate networks. The typical dwell time for cases investigated by Sophos was 11 days. Considering that many of these were ransomware attacks, which generally require less time, 264 hours is more than enough for threat actors to do their worst.
“With adversaries paying a median of 11 days in the network, implementing their attack even though blending in with regime IT activity, it is critical that defenders realize the warning indicators to glance out for and look into,” argued Sophos senior security advisor, John Shier.
“One of the greatest purple flags, for occasion, is when a respectable resource or activity is detected in an unforeseen area. Most of all, defenders need to bear in mind that technology can do a fantastic deal but, in today’s threat landscape, might not be adequate by itself. Human expertise and the capacity to answer are a vital element of any security option.”
According to ESET, RDP attacks increased by a staggering 768% between Q1 and Q4 2020 as cyber-criminals focused on exploiting a tool used increasingly by remote workers to access their corporate desktops.