Paul Ducklin, Senior Technologist
“You’ve probably heard the saying that ‘if you want a job doing properly, do it yourself’,” said Paul Ducklin, Important Bloke at Vibrant Company. “Sadly, there’s a niche of cybercrooks who have taken that advice to heart: if you’ve been sloppy setting up remote access to your network, they log in themselves and infect you with ransomware directly, clickety-click. No messing around with emails, no social engineering, no weird attachments, no need to convince you that ‘your invoice is attached, really, truly, honestly.’”
Sophos has uncovered a new niche in the world of cybercrime:
Ransomware infections where the crooks run the ransomware themselves. RDP is the Remote Desktop Protocol – Microsoft’s solution to remote system administration. RDP lets you connect to the screen and keyboard of someone else’s computer (or server) from anywhere, even from the other side of the world. Crooks have used and abused RDP for years – a weak RDP password is like a free pass into your server room with no one to supervise you. But Sophos experts have seen a recent spate of RDP attacks with a particularly ugly twist: the crooks use remote access to infect you with ransomware directly. No emails, no social engineering, no weird attachments, no need to convince you that “your invoice is attached, really, truly, honestly.”
And that’s not all – the crooks usually spend time up front turning off as many security features as they can and binning any backups they can find, to maximise the effects of the attack. They also add extra user accounts so they can get back in later for more. Most victims are small-to-medium businesses who outsource their IT and rely on RDP in regular life. So we’ve put together a list of handy security tips to help you outsource safely. If you’re using a third-party IT company and they haven’t already suggested the same precautions that we’re proposing, why not ask them why, and ask yourself if they’re the right people to be looking after your network?
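The pattern described above leaves a recognisable trail in the Windows Security log: a run of failed RDP logons from one address, then a success, then a new local account appearing shortly afterwards. The script below is an added example (not Sophos' or Naked Security's code) of how a defender might flag that sequence. It uses the standard Security log event IDs 4625 (failed logon), 4624 (successful logon) and 4720 (user account created) and logon type 10 (RemoteInteractive, i.e. RDP); the event records, the source address, the usernames and the thresholds are constructed or assumed for illustration, and a real deployment would feed it records exported from the event log.

```python
"""Flag RDP password guessing followed by account creation in Security events.

Added example, not code from the Sophos article. Event IDs 4624/4625/4720 and
logon type 10 are standard Windows Security log values; everything else here
(record layout, sample data, thresholds) is an assumption for the demo.
"""
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON = 4625
SUCCESS_LOGON = 4624
USER_CREATED = 4720
RDP_LOGON_TYPE = 10  # RemoteInteractive (RDP)

# Constructed sample records, not a real capture. Each dict mimics the fields
# a log exporter would hand us: timestamp, event id, logon type, account, source.
SAMPLE_EVENTS = [
    # six failed RDP logons for "administrator" from one address in six minutes
    *[{"time": f"2024-03-01T02:0{i}:00", "id": FAILED_LOGON, "logon_type": RDP_LOGON_TYPE,
       "user": "administrator", "src": "203.0.113.9"} for i in range(6)],
    # then a successful RDP logon from the same address
    {"time": "2024-03-01T02:07:00", "id": SUCCESS_LOGON, "logon_type": RDP_LOGON_TYPE,
     "user": "administrator", "src": "203.0.113.9"},
    # and a new local account created by that session a few minutes later
    {"time": "2024-03-01T02:12:00", "id": USER_CREATED, "logon_type": None,
     "user": "administrator", "src": "-", "new_user": "svc_backup2"},
    # an ordinary console logon that should not be flagged
    {"time": "2024-03-01T08:30:00", "id": SUCCESS_LOGON, "logon_type": 2,
     "user": "alice", "src": "-"},
]


def parse_time(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")


def find_rdp_bruteforce_success(events, threshold=5, window=timedelta(minutes=15)):
    """Return (src, user, time) for each successful RDP logon that was preceded
    by at least `threshold` failed RDP logons from the same source within `window`."""
    failures = defaultdict(list)  # source address -> failure timestamps
    hits = []
    for ev in sorted(events, key=lambda e: parse_time(e["time"])):
        if ev.get("logon_type") != RDP_LOGON_TYPE:
            continue  # only RDP sessions are of interest here
        now = parse_time(ev["time"])
        if ev["id"] == FAILED_LOGON:
            failures[ev["src"]].append(now)
        elif ev["id"] == SUCCESS_LOGON:
            recent = [t for t in failures[ev["src"]] if now - t <= window]
            if len(recent) >= threshold:
                hits.append((ev["src"], ev["user"], ev["time"]))
    return hits


def find_accounts_created_after_rdp(events, window=timedelta(hours=1)):
    """Return (new_user, creator, time) for each account creation (4720) made by
    a user who had a successful RDP logon within the preceding `window`."""
    rdp_logins = defaultdict(list)  # user -> RDP logon timestamps
    hits = []
    for ev in sorted(events, key=lambda e: parse_time(e["time"])):
        now = parse_time(ev["time"])
        if ev["id"] == SUCCESS_LOGON and ev.get("logon_type") == RDP_LOGON_TYPE:
            rdp_logins[ev["user"]].append(now)
        elif ev["id"] == USER_CREATED:
            if any(now - t <= window for t in rdp_logins[ev["user"]]):
                hits.append((ev["new_user"], ev["user"], ev["time"]))
    return hits


if __name__ == "__main__":
    for hit in find_rdp_bruteforce_success(SAMPLE_EVENTS):
        print("RDP logon after repeated failures (src, user, time):", hit)
    for hit in find_accounts_created_after_rdp(SAMPLE_EVENTS):
        print("Account created shortly after RDP logon (new_user, by, time):", hit)
```

Both checks are deliberately simple: the first catches the password-guessing route in, the second the "extra user accounts" the article describes being added for later re-entry. Either firing on a server that is only ever administered by your IT provider during office hours is worth a phone call; together they are a strong signal that someone is preparing the ground for a ransomware run.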
Interested? Read the whole article on: Nakedsecurity