Cyber Threat Report
October Week One
Prepared By:
Bear Trap Cyber Security
01 Cyber News
Recommended Action
UPDATE INTERNET EXPLORER
Users must install the security update for Internet Explorer manually,
as Microsoft (MSFT) will not release an updated scan file until the next
security release in October 2020, but the update for Windows Defender
will be installed automatically.

Recently there have been complaints from users about Windows updates
breaking and slowing computers, which could deter users from installing
the updates. However, Gartner analyst Peter Firstbrook told CNN Business
that users should go ahead with the updates because a blue screen is much
easier to clean up than an attack. "From a security perspective, you're
much better off to stay current and stay with the latest updates,"
Firstbrook said.

Although it might seem like bad updates are a common occurrence,
Firstbrook said attacks are actually more frequent. Bad updates typically
receive more user reaction compared to attacks that occur when users
don't install updates.
https://www.cnn.com/2019/09/24/tech/microsoft-windows-security-threat/index.html
03 Security Awareness
What is a Brute Force Attack?
RDP (Remote Desktop Protocol) is a network communications protocol
developed by Microsoft, which allows users to connect to another
computer. Remote Desktop Protocol is available for Windows, Linux and
Mac operating systems.

Simplified: with Remote Desktop Protocol, one can connect to any computer
that runs Windows. If, say, you want to access your PC from a laptop or
any other device, with RDP you can connect to the remote PC, view the
same display and interact as if working on that machine locally.
https://www.ericom.com/whatis/rdp/
Rise of RDP as a target vector
Recent reports of targeted attacks using RDP as an initial entry vector have
certainly caused significant headlines because of the impact they have had.
In the midst of city-wide impacts, or even million-dollar (plus) demands, it
is easy to overlook the initial entry vector.

Having begun as 'targeted' emails focused predominantly on consumers,
ransomware has evolved to incorporate pseudo attacks intended purely for
destruction (e.g. no viable decryption capability, or limited), and
precision extortion against corporations or public sector organizations.

What was particularly surprising is the speed with which RDP was adopted as
the initial entry vector, as depicted in research by Coveware.

As we contemplate the meaning of the term targeted, we have to recognise
that in many cases victims are targeted merely due to the cybercrime
eco-system. The advent of RDP shops selling RDP credentials is undoubtedly
fuelling the rise of such attacks and, coupled with the release of
vulnerabilities against the protocol, suggests the worst could well be yet
to come.

Whilst measures to reduce the risk of RDP being exploited centre on advice
to maintain good cyber hygiene, the renewed focus on RDP should encourage
particular measures that go above and beyond generic advice.
https://www.helpnetsecurity.com/2019/09/25/rdp-target-vector/