Friday, July 3, 2020

Ransomware, cryptocurrency miners and backdoors

Data encryption and subsequent extortion are not the only scenario that can follow a compromise via RDP. Attackers often attempt to install cryptocurrency-mining malware or create a backdoor, which they can use if the victim identifies and closes the unauthorized RDP access.

Other common scenarios that can follow an RDP compromise are:

delete log files, thereby removing evidence of previous malicious activity,
download and run tools and malware of the attacker's choice on the compromised system,
disable or completely delete scheduled backups and shadow copies, also known as snapshots,
exfiltrate data from the server.

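
A defender can watch for two of the scenarios listed above, log clearing and backup or shadow copy deletion, and tie them to a preceding RDP logon. The following is an added example, not part of the original post: the record layout, the 30-minute window and the sample events are assumptions, and the process command line is only present in event 4688 when command-line auditing is enabled.

```python
import re
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry); field names are assumed, not a Windows schema.
EVENTS = [
    {"time": "2020-07-03T02:10:00", "host": "srv01", "id": 4624, "logon_type": 10, "user": "admin", "src": "203.0.113.7"},
    {"time": "2020-07-03T02:14:00", "host": "srv01", "id": 4688, "user": "admin", "cmd": "vssadmin.exe delete shadows /all"},
    {"time": "2020-07-03T02:15:00", "host": "srv01", "id": 1102, "user": "admin"},
    {"time": "2020-07-03T09:00:00", "host": "srv02", "id": 4624, "logon_type": 10, "user": "helpdesk", "src": "198.51.100.4"},
    {"time": "2020-07-03T09:05:00", "host": "srv02", "id": 4688, "user": "helpdesk", "cmd": "vssadmin.exe list shadows"},
    {"time": "2020-07-03T15:00:00", "host": "srv03", "id": 1102, "user": "svc_backup"},
]

WINDOW = timedelta(minutes=30)  # assumed correlation window after an RDP logon
LOG_CLEARED = {1102: "security audit log cleared", 104: "event log cleared"}
BACKUP_TAMPER = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete"
    r"|wbadmin(\.exe)?\s+delete\s+(catalog|backup|systemstatebackup)", re.I)

def detect(events, window=WINDOW):
    """Return (host, user, rdp_source_or_None, finding) for each suspicious action."""
    last_rdp = {}  # (host, user) -> (logon time, source IP)
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        key = (ev["host"], ev["user"])
        if ev["id"] == 4624 and ev.get("logon_type") == 10:  # RemoteInteractive (RDP) logon
            last_rdp[key] = (ts, ev["src"])
            continue
        if ev["id"] in LOG_CLEARED:
            finding = LOG_CLEARED[ev["id"]]
        elif ev["id"] == 4688 and BACKUP_TAMPER.search(ev.get("cmd", "")):
            finding = "backup/shadow copy deletion"
        else:
            continue
        # Attach the RDP source address when the action falls inside the window.
        logon = last_rdp.get(key)
        src = logon[1] if logon and ts - logon[0] <= window else None
        alerts.append((ev["host"], ev["user"], src, finding))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Findings without a correlated RDP logon are still reported, with the source set to None, because log clearing deserves review wherever it comes from.
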
As shown in this publication of 2013, cybercriminals have been trying to exploit RDP for several years. The growth in the number of RDP attacks in recent years has prompted numerous security alerts from different government entities, such as the FBI, the NCSC of the United Kingdom or the ACSC of Australia.

This shows how important remote access security has become: it can potentially make or break a company's future. Even if damage to an organization's reputation can be managed, there are financial losses, stalled operations, and costly recovery efforts to consider. That is before counting the additional cost of any sanctions the authorities may impose under applicable data protection legislation, such as the GDPR (EU), CCPA (California) or NDB (Australia).

Whether there is a pandemic or not, companies must manage the risks posed by the widespread use of RDP or other similar services by strengthening their passwords and adding additional layers of security, including multi-factor authentication and a security solution that protects against attacks based on RDP and similar protocols.
