Page 67 - Cyber Defense Magazine for August 2020
P. 67
CERT Warns Bad Actors Are Targeting Remote Access –
How Security Operations Find and Route These “Below
the Radar” Attacks
New Ransomware/Exfiltration Campaign Targeting Remote Access Resists Resolution Through Data
Restoration
By Saryu Nayyar, CEO, Gurucul
Remote access tools, such as VPN’s, RDP, VNC, Citrix, and others, have always been an inviting target
for attackers. Even 2003’s Matrix Reloaded used an exploit against an old version of Secure Shell (SSH)
as a plot device in a rare cinematic example of a real-world cyber-security threat. The recent shift to a
remote workforce in response to a global pandemic has made remote access an even more inviting target
for threat actors of all stripes.
As a recent report from New Zealand’s CERT pointed out, malicious actors are actively focusing on
remote access vectors, using a range of attack techniques. While unpatched systems are an ongoing
issue, attackers are also targeting weak authentication schemes, including a notable lack of two-factor
authentication. The users themselves are also a primary target. Targeted email such as spear phishing,
which goes for a specific target, or cast-netting, that targets people within a single organization, have a
history of success and have seen a noticeable rise.
Cyber Defense eMagazine – August 2020 Edition 67
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.