CERT Warns Bad Actors Are Targeting Remote Access –

              How Security Operations Find and Route These “Below

                                              the Radar” Attacks


             New Ransomware/Exfiltration Campaign Targeting Remote Access Resists Resolution Through Data
                                                         Restoration

                                               By Saryu Nayyar, CEO, Gurucul


            Remote access tools, such as VPN’s, RDP, VNC, Citrix, and others, have always been an inviting target
            for attackers.  Even 2003’s Matrix Reloaded used an exploit against an old version of Secure Shell (SSH)
            as a plot device in a rare cinematic example of a real-world cyber-security threat.  The recent shift to a
            remote workforce in response to a global pandemic has made remote access an even more inviting target
            for threat actors of all stripes.




            As a recent report from New Zealand’s CERT pointed out, malicious actors are actively focusing on
            remote access vectors, using a range of attack techniques.  While unpatched systems are an ongoing
            issue, attackers are also targeting weak authentication schemes, including a notable lack of two-factor
            authentication.  The users themselves are also a primary target.  Targeted email such as spear phishing,
            which goes for a specific target, or cast-netting, that targets people within a single organization, have a
            history of success and have seen a noticeable rise.






            Cyber Defense eMagazine – August 2020 Edition                                                                                                                                                                                                                        67
            Copyright © 2020, Cyber Defense Magazine.  All rights reserved worldwide.