How dangerous and frequent is an attack on RDP-enabled computers?

How long does it take for an RDP-enabled computer to come under attack? In some cases, a few minutes. In most, less than 24 hours.

The problem with RDP (Remote Desktop Protocol)

"In recent years, criminals who develop targeted ransomware such as BitPaymer, Ryuk, Matrix and SamSam have almost completely abandoned other hacking methods in favor of using RDP," say Sophos's Matt Boddy, Ben Jones and Mark Stockley.

Attackers can either brute-force passwords themselves with tools such as NLBrute, or buy passwords that others have already cracked or accounts on already compromised RDP servers.

To get an idea of how many attacks RDP servers face daily, the researchers set up 10 geographically dispersed Amazon EC2 instances running Windows Server 2019, with RDP enabled and secured with a "prohibitively strong password".

One of them came under an RDP brute-forcing attack within one minute and 24 seconds. In total, 4,298,513 failed login attempts were recorded during the month.

Some attackers targeted administrator accounts, while others went after low-privilege accounts in the hope that their passwords would be easier to uncover. To keep their activity low profile, they escalated their attacks slowly, scaling them back or up as the situation required.

The research showed another interesting thing: attackers do not rely on Shodan, the search engine that lists devices connected to the Internet, to identify potential targets.
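As an added illustration (not part of the original article or of the Sophos research), the following Python example shows how a defender could flag both failed-login patterns described above, fast bursts and slow, spread-out guessing, and tell whether administrator or other accounts are being targeted. The records are constructed and modeled on Windows Security event 4625 (failed logon); the field layout, account names and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not real log data): time, event ID, logon type, source IP,
# target user, modeled on Windows Security event 4625 (failed logon).
SAMPLE = """\
2019-07-01T10:00:00,4625,10,203.0.113.5,administrator
2019-07-01T10:00:02,4625,10,203.0.113.5,admin
2019-07-01T10:00:04,4625,10,203.0.113.5,administrator
2019-07-01T10:00:06,4625,10,203.0.113.5,administrator
2019-07-01T01:00:00,4625,3,198.51.100.7,scanner
2019-07-01T06:00:00,4625,3,198.51.100.7,reception
2019-07-01T11:00:00,4625,3,198.51.100.7,backup
2019-07-01T16:00:00,4625,3,198.51.100.7,guest
2019-07-01T21:00:00,4625,3,198.51.100.7,test
2019-07-01T11:30:00,4625,10,192.0.2.44,j.smith
2019-07-01T12:00:00,4625,2,192.0.2.99,localuser
"""

ADMIN_NAMES = {"administrator", "admin"}  # assumed privileged account names
REMOTE_TYPES = {"3", "10"}  # network (RDP with NLA) and RemoteInteractive
BURST = (4, timedelta(minutes=1))  # assumed thresholds: (failures, window)
SLOW = (5, timedelta(hours=24))

def max_in_window(times, window):
    """Largest number of events inside any sliding window of this length."""
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def detect(text):
    """Map source IP -> (pattern, targeted accounts, failure count)."""
    by_ip = defaultdict(list)
    for line in text.splitlines():
        ts, event_id, logon_type, ip, user = line.strip().split(",")
        if event_id == "4625" and logon_type in REMOTE_TYPES:
            by_ip[ip].append((datetime.fromisoformat(ts), user.lower()))
    findings = {}
    for ip, events in by_ip.items():
        times = sorted(t for t, _ in events)
        users = {u for _, u in events}
        target = "admin" if users <= ADMIN_NAMES else "non-admin"
        if max_in_window(times, BURST[1]) >= BURST[0]:
            findings[ip] = ("burst", target, len(times))
        elif max_in_window(times, SLOW[1]) >= SLOW[0]:
            findings[ip] = ("low-and-slow", target, len(times))
    return findings
```

A per-minute threshold alone would miss the second source, which never makes more than one attempt in any five-hour span; the 24-hour window is what catches it.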

Reducing RDP password brute-forcing risk

RDP-based Remote Desktop Services (RDS) is a useful technology that allows enterprise administrators to reach and interact with computers on remote networks or in the cloud.

Two months ago, Microsoft warned about CVE-2019-0708 (also known as BlueKeep), a wormable unauthenticated remote code execution flaw in RDS, which was expected to be widely exploited.

Although security experts believe that state-funded hacking teams are already using BlueKeep for quiet intrusions, there has not yet been any mass exploitation.

However, inadequately secured RDP servers represent an easy target for hungry cybercriminals, who often use them to spread malware (usually ransomware) throughout the target network.

Although the solution to RDP password brute-forcing is as easy as choosing a long, strong password, the researchers are skeptical about this.

  • Microsoft could make two-factor authentication mandatory or switch to another form of authentication (e.g. public key authentication).
  • Cloud computing vendors could offer servers with an alternative form of remote management or authentication.
  • But until this happens, administrators can mitigate the risk by enabling multi-factor authentication.
  • Finally, if RDP is not necessary, it must be disabled. When it is needed, it should be accessible only via a virtual private network (VPN).

The author allows you to copy his/her text only if you cite the source (SecNews.gr) as a web address (live URL) of the article.
About Hack Unamatata

Take great photos, someone is stalking you
