Analysts from three cybersecurity companies have reported on the attack vectors ransomware groups favoured this year. Their findings put RDP exploits, VPN vulnerabilities and phishing emails as the top three vectors used by popular ransomware gangs in the first half of this year.
Top Three Attack Vectors of Ransomware Groups in 2020
Reports from Recorded Future, Coveware and Emsisoft reveal the top attack vectors used by several ransomware groups in H1 of 2020. These attacks have risen to new levels amid the worldwide lockdowns due to Coronavirus. Out of all attacks, these are the three most popular vectors:
Open RDP Ports
The Remote Desktop Protocol (RDP) is a feature available in every Windows computer that lets authorized users control the system remotely. In corporations, team managers or other authorized personnel can use it to securely guide employees who are working from home. While the feature is made for legitimate purposes, poor configuration by employees can turn it into a liability.
Users who leave their RDP ports open without any need for them are vulnerable. There are RDP shops on dark web markets, where hackers who have exploited the RDP ports of several machines trade that access to other cyber criminals for a price.
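An added example, not taken from the reports cited here: a read-only PowerShell check an administrator can run on a Windows machine to see whether RDP is switched on, whether Network Level Authentication is required, and which firewall rules admit the RDP port. It assumes the built-in NetSecurity cmdlets and reads local settings only, so Group Policy overrides and port forwarding on a router or cloud firewall are outside what it sees.

```powershell
# Added example: read-only audit of local RDP exposure. Run in an elevated PowerShell session.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"

# fDenyTSConnections = 0 means the machine accepts incoming RDP sessions.
$rdpEnabled = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 0
# UserAuthentication = 1 means Network Level Authentication (NLA) is required.
$nlaRequired = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication -eq 1
# The listener port; 3389 unless it has been changed.
$port = [string](Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

# Enabled inbound allow rules for that TCP port, with the remote addresses each one admits.
# Rules that cover the port through a range (for example "3000-4000") are not matched here.
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        if ($pf.Protocol -eq 'TCP' -and $pf.LocalPort -contains $port) {
            $af = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $_.Profile
                RemoteAddress = $af.RemoteAddress -join ','
                AnySource     = $af.RemoteAddress -contains 'Any'
            }
        }
    }

# Summary of the three settings, followed by the matching firewall rules.
[pscustomobject]@{
    RdpEnabled   = $rdpEnabled
    NlaRequired  = $nlaRequired
    Port         = $port
    OpenToAnyone = [bool]($rules | Where-Object AnySource)
} | Format-List
$rules | Format-Table -AutoSize

# Findings a reviewer would act on.
if ($rdpEnabled -and -not $nlaRequired) { Write-Warning 'RDP is enabled without NLA.' }
if ($rdpEnabled -and ($rules | Where-Object AnySource)) {
    Write-Warning 'A firewall rule admits RDP from any remote address; scope it to known sources.'
}
if (-not $rdpEnabled -and $rules) { Write-Warning 'RDP is off but its firewall rules are still enabled.' }
```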
Phishing Emails Campaign
Phishing is when an attacker sends the target a personalized email with a cloned webpage, hoping to fool them into entering their credentials so that they can be stolen. The method is old, yet effective if employees are prone to clicking malicious links or attachments, which could download malware that installs backdoors for future use.
VPN Vulnerabilities
Many corporations use VPN appliances attached to their networks, most of them devices from F5, Citrix, Secureworks, Palo Alto Networks, Fortinet and Pulse Secure. Popular names among these VPN providers have recorded data breaches and security incidents, which drew ransomware groups to prey on them.
Improperly configured VPN settings, or letting VPNs bypass firewalls, may sometimes give direct access to malware deployed by attackers, who exploit vulnerabilities within hours of their being reported. Once in, they install payloads to set up backdoors for later use.
While many other vectors have been recorded, these were the ones most heavily exploited by ransomware groups in H1 of 2020.