Phishing and brute force attacks on exposed Remote Desktop Protocol (RDP) services are the most common methods used by hackers to gain a foothold in corporate networks to lay the groundwork for ransomware attacks.
Coveware cybersecurity researchers analyzed ransomware attacks in the second quarter of this year and detailed how phishing and RDP attacks are the most popular entry points for ransomware attacks.
Phishing attacks - where cybercriminals send emails containing malicious attachments or target victims on a compromised ransomware site - have risen slightly in popularity in the last quarter, accounting for 42% of attacks.
Meanwhile, attacks on RDP services, where cybercriminals impose weak or default usernames and passwords - or sometimes gain access to legitimate credentials via phishing emails - remain extremely popular with ransomware groups, which account for 42% of attacks.
Both phishing and RDP attacks remain effective, as they are relatively simple to execute cybercriminals, but, if successful, can provide a gateway to an entire corporate network. Violating RDP credentials is especially useful because it allows intruders to enter the network with legitimate connections, making it harder to detect malicious activity.
Source of information: zdnet.com