itman

Ransomware or Exploits - Which Are More Likely To Attack You?

According to Fortinet, which does annual threat landscape reporting, the "hands down winner" is exploits:

Quote

The better we understand exploit trends or how ransomware works and spreads, the better we can avoid the impact caused by the next WannaCry. The malicious ransomware and its variants achieved great scale with hundreds of organizations affected across the world at once.

  • Ransomware: Just under 10% of organizations detected activity associated with ransomware. On any given day, an average of 1.2% dealt with ransomware botnets running somewhere in their environment. The peak days of activity fell on weekends, with the hope of slipping traffic past weekend security operations staff. As the average traffic volume of various ransomware botnets increased, the average number of firms impacted by them rose as well.
  • Exploit Trends: 80% of organizations reported high or critical-severity exploits against their systems. The majority of these targeted vulnerabilities were released in the last five years, but no shortage of attempts was made against premillennial CVEs. Exploit distribution was pretty consistent across geographical regions, likely because a huge proportion of exploit activity is fully automated via tools that methodically scan wide swaths of the Internet probing for opportunistic openings.

https://www.fortinet.com/corporate/about-us/newsroom/press-releases/2017/fortinet-threat-landscape-report.html

Therefore, one's number one security priority should be ensuring that all of their devices have applied all available OS and app software patches as soon as they are available.

Edited by itman

In regards to recent ransomware attacks:

Quote

Ransomware victims who opt to pay their attackers for the promise of a decryption key forked over, on average, $6,733 during the fourth quarter of 2018,

"The Q4 data set is derived from 226 unique ransomware attacks that were reported to, and triaged by, Coveware," CEO Bill Siegel tells Information Security Media Group. He says his firm handled negotiations for all ransoms that its customers - both individuals and organizations - chose to pay. But he cautions that not all payments resulted in victims receiving a decryption key or successfully decrypting all crypto-locked data.

For victims who were able to identify the source of their ransomware infection, Coveware says 85 percent traced to RDP, 14 percent to phishing and 2 percent to another form of social engineering.

https://www.databreachtoday.com/ransomware-victims-who-pay-cough-up-6733-on-average-a-11994

So again, more proof that the overwhelming source of ransomware attacks is via RDP usage.

Edited by itman

Need further justification for why you shouldn't be using RDP?

Quote

Remote Desktop Protocol Clients Rife with Remote Code-Execution Flaws

Several flaws in both open-source RDP clients and in Microsoft’s own proprietary client make it possible for a malicious RDP server to infect a client computer – which could then allow for an intrusion into the IT network as a whole.

UPDATE

LAS VEGAS — Multiple critical vulnerabilities in the commonly used Remote Desktop Protocol (RDP) would allow a malicious actor to achieve remote code-execution over a client’s computer.

According to Check Point research released Tuesday at the CPX360 event in Las Vegas, both open-source and Microsoft proprietary RDP clients are at risk from an attacker who has either set up a malicious RDP server within a network, or who has compromised a legitimate one using other vulnerabilities.

It turns out that the vulnerabilities make it possible to do just that, essentially reversing the usual direction of communication and infecting the client computer – that in turn could then allow for an intrusion into the IT network as a whole.

According to Check Point, 16 major vulnerabilities and a total of 25 security vulnerabilities were found overall across the clients it examined; these include mstsc.exe (Microsoft’s built-in RDP client); FreeRDP (the most popular and mature open-source RDP client on GitHub, Check Point said); and rdesktop (an older open-source RDP client that comes by default in Kali Linux distros, often used by security research red teams for penetration testing).

Edited by itman

Business Email Compromise Attacks See Almost 500% Increase

Quote

Proofpoint Quarterly Threat Report's key findings:

EMAIL:
  • Banking Trojans remain the top email-borne threat in Q4, making up 56% of all malicious payloads in Q4; Emotet comprised 76% of all banking Trojan payloads.
  • Remote access Trojans accounted for 8.4% of all malicious payloads in Q4 and 5.2% for the year, marking a significant change from previous years in which they were rarely used by crimeware actors.
  • Ransomware dropped even further in Q4 to just one tenth of 1% of overall malicious message volume.
  • Malicious messages bearing credential stealers or downloaders collectively jumped more than 230% year over year.
  • Email fraud, also known as BEC, continued its dramatic growth. The number of email fraud attacks against targeted companies increased 226% QoQ and 476% vs. Q4 2017.

WEB-BASED ATTACKS:
  • Coinhive activity spiked to 23 times the average for the year for two weeks in December; overall, Coinhive activity continued to grow slowly aside from this spike.
  • In Q4, we still observed a 150% increase in social engineering detections on our worldwide network of IDS sensors; while this is a slower growth rate than observed in previous quarters, it continues to demonstrate a trend towards social engineering even as EK activity has remained low.

SOCIAL MEDIA:
  • Fraudulent social media support account phishing, or "angler phishing," has increased 442% year-over-year.
  • Phishing links on social channels continue to drop as platforms address this issue algorithmically.

https://www.bleepingcomputer.com/news/security/business-email-compromise-attacks-see-almost-500-percent-increase/

Edited by itman
