With increased remote work, IT teams use remote access tools to manage company devices and ensure smooth operations. Remote desktop connections are highly attractive to hackers, with an average of over 37,000 attempts from multiple IP addresses daily. These attacks are typically automated, but once the hackers gain access credentials, they manually search for critical… Continue reading RDP Honeypot Was Attacked 3.5 Million Times
Tag: RDP
BlackCat Ransomware New Update Boosts Exfiltration Speed
BlackCat ransomware continues to make a fuss globally for the second year now, targeting various sectors. Most of the time, it goes to healthcare, government, education, manufacturing, and hospitality. The group constantly improves operations, automating data exfiltration and releasing new ransomware versions with upgraded capabilities. What is BlackCat Ransomware? The cybercriminals use ALPHV (BlackCat), a… Continue reading BlackCat Ransomware New Update Boosts Exfiltration Speed
Microsoft Has Already Patched a Vulnerability in Windows RDP Twice
This week, CyberArk researchers shared technical information about a named pipe RDP (Remote Desktop Protocol) vulnerability in Windows, for which Microsoft had to release two patches. The RCE vulnerability CVE-2022-21893 was fixed on January 2022 Patch Tuesday, but the attack vector was not fixed. In April 2022, Microsoft already fixed the new bug CVE-2022-24533. Let… Continue reading Microsoft Has Already Patched a Vulnerability in Windows RDP Twice
New Pay2Key ransomware encrypts corporate networks in just an hour
A number of companies and large corporations in Israel have been targeted by cyberattacks using a new ransomware called Pay2Key. The first attacks were recorded by specialists from Check Point at the end of October this year, and now their number has increased. According to experts, criminals usually carry out attacks after midnight, when companies… Continue reading New Pay2Key ransomware encrypts corporate networks in just an hour
Sarwent malware opens RDP ports on infected machines
SentinelOne experts noticed that the new version of the Sarwent malware opens the RDP ports on infected computers. Researchers believe that this is due to the fact that maware operators can sell access to infected hosts to other criminal groups. Sarwent is a not-so-famous backdoor trojan, active since 2018. Previous versions of malware had a… Continue reading Sarwent malware opens RDP ports on infected machines
Due to pandemic, RDP and VPN usage grew by 41% and 33%
Amid of the COVID-19 pandemic, the use of remote access technologies such as RDP and VPN has grown significantly, as many companies have transferred their employees to remote work, and this usually involves a remote connection to internal networks. According to statistics from the Shodan search engine, by last Sunday, March 29, 2020, the… Continue reading Due to pandemic, RDP and VPN usage grew by 41% and 33%
Ransomware attacks most often occur at night and on weekends
According to a report published by the American company FireEye, 76% of all ransomware attacks in the corporate sector occur in the off-hours: 49% of them are recorded at night on weekdays, and another 27% at weekends. This data is based on dozens of ransomware incident investigations from 2017 to 2019. “In 76% of incidents… Continue reading Ransomware attacks most often occur at night and on weekends