19 May 2021

RDP Hijacked for Lateral Movement in 69% of Attacks

According to a new report called the Active Adversary Playbook 2021, 90% of cyberattacks investigated by Sophos last year involved abuse of the Remote Desktop Protocol (RDP). Sophos states that 81% of these attacks featured ransomware. The new report details the experiences of frontline threat hunters and incident responders to

30 Apr 2020

Millions of Brute-Force Attacks Hit Remote Desktop Accounts

Experts have reported an increase in brute-force attacks targeting users of Microsoft’s Remote Desktop Protocol (RDP). The number of brute force attacks aimed at taking over corporate desktops and infiltrating company networks has been in the millions per week. This is likely a result of threat actors taking advantage of

07 Jan 2020

Microsoft: RDP brute-force attacks last 2-3 days on average

A recent study by Microsoft provides insights into brute-force attacks targeting Remote Desktop Protocol (RDP) implementations in enterprise environments. Over the last few years, RDP brute-forcing has become a popular attack vector in ransomware and other malware campaigns. By analyzing RDP-login events on 45,000 enterprise workstations, Microsoft found that the

08 Nov 2019

Microsoft Warns of More Harmful Windows BlueKeep Attacks, Patch Now

Research by Microsoft shows that the new campaign in which attackers exploit RDP instances vulnerable to the BlueKeep vulnerability in order to install cryptojacking malware, is likely tied to a cryptojacking campaign observed in September of this year. BlueKeep is a critical remote code execution flaw affecting RDP services on

04 Nov 2019

The First BlueKeep Mass Hacking Is Finally Here—but Don’t Panic

Threat actors are actively exploiting the critical BlueKeep flaw that impacts Remote Desktop Protocol (RDP) implementations on unpatched older Windows operating systems. Microsoft and other companies have warned that the flaw, tracked as CVE-2019-0708, is very dangerous because it could be used by attackers to carry out a massive attack

23 Oct 2019

Outdated OSs Still Present in Many Industrial Organizations: Report

Systems running outdated Windows versions are present on 62% of industrial networks, although that number is 71% if Windows 7 is taken into account, a new report by CyberX shows. Microsoft will stop supporting Windows 7 in January of next year. Suspicious activity was detected on 22% of networks. Examples

09 Oct 2019

Microsoft Issues 9 Critical Security Patches

As part of this month’s Patch Tuesday bulletin, Microsoft has released fixes for 59 security flaws, including 9 critical vulnerabilities. So far the tech giant hasn’t found evidence that any of the patched issues are being exploited in the wild. However, Microsoft warns that one remote code execution (RCE) flaw

26 Sep 2019

Organizations Warned of Dual Threat Posed by RDP and Disruptive Ransomware

Two separate reports shed light on the rise of ransomware attacks targeting organizations via Remote Desktop Protocol (RDP) instances. A paper [PDF] by the Institute for Critical Infrastructure Technology (ICIT) states that RDP/ransomware campaigns are increasingly disrupting business operations and pose “an existential threat to critical infrastructure operators.” ICIT notes that

17 Sep 2019

Most Cyber Attacks Focus on Just Three TCP Ports

Almost two in three (65%) cyber campaigns targeting small to mid-sized businesses (SMBs) attack one of three popular TCP ports, namely port 22 (SSH, 35%), port 80 (HTTP, 15%) and port 443 (HTTPS, 15%), a new report by Alert Logic found. The fourth most targeted port is 3389, which is

07 Jun 2019

New GoldBrute Botnet is Trying to Hack 1.5 Million RDP Servers

A researcher with Morphus Labs has uncovered a botnet that is scanning the Internet for Windows machines that have a poorly secured Remote Desktop Protocol (RDP) connection enabled. The botnet, dubbed GoldBrute, tries to obtain access to vulnerable machines by launching brute-forcing and credential stuffing attacks. GoldBrute has already identified
